Rights Under the CCPA

Nathan Rizzuti Profile image

Written by:

Updated January 16, 2023

Online users are concerned over consumer privacy, and many states in the United States have begun forming legislation that further protects sensitive information. The California Consumer Privacy Act is one of the most significant pieces of legislation passed to date. But for it to be effective, consumers must be aware of the rights outlined within the document. Below, we’ll explain all of the consumer rights under the CCPA and provide a brief description so you can further understand how to use the law to boost the protection of your online identity.


  • The CCPA is a series of data privacy laws set in motion in 2020 to boost consumer privacy and control over their data.
  • The CCPA guarantees users a handful of rights regarding accessing, deleting, and understanding how their data is processed.
  • For California resident to best protect their sensitive information, they must be familiar with the rights established under the CCPA.

If you want to learn more, we have plenty of material on different subjects and the rights of the GDPR. For example, we have a great article explaining what a service provider is under the CCPA and another guide on the relationship between Google Analytics and the CCPA.

Insider Tip

Train all employees in the rules and regulations of the CCPA to help guarantee that your organization stays compliant.

What Are the CCPA Consumer Rights?

Every day, internet users create more data that businesses attempt to harvest and process for profit. Whether you like it or not, companies create a data profile to understand your habits better. And often, users need to learn how to limit or control how their data is used.

The CCPA outlines four major rights that users can exercise to ensure that the data only falls into the right hands. The rights include:

  1. The Right to Access
  2. The Right to Equal Services and Prices
  3. The Right to Request Deletion
  4. The Right to Opt-Out

The CCPA looks first to protect what’s known as personal information. This category includes anything that can be linked back to a real-life identity. Some examples of personal data include:

  • Social Security Numbers
  • Email Addresses
  • Ethnic Origin
  • Philosophical Beliefs
  • Sexual Orientation
  • Medical & Genetic Info

When users know these rights and the details behind each one, they may exercise them and take a stand against unlawful or unwanted data processing.

The Right to Access (Request Information)

Data is your asset. So when businesses track you and process your personal data, the CCPA enshrines the right for you to request what information is being held and its purpose.

Here, users can access the specific categories of information sold or disclosed (such as an email address or social security number.)

Additionally, businesses have legal obligations to share the information of any third party with access to their data profile.

Because of this right, businesses must acknowledge requests and grant access within 45 days of the official notification.

Right to Notice

The right to notice is fundamental because it establishes a legal obligation for businesses to be upfront about what data is collected before the user gives consent.

The notice must include the specific categories being processed and the business purposes for which they are collecting the data. The right to notice also establishes that businesses must notify users before any additional data collection is performed.

The Right to Opt-Out

Alongside the right of notice of what personal data a business plan on selling is the right to opt-out of having your data sold. At any moment, data subjects can request that the company cease processing their data.

The Right to Request Deletion

Last, and furthest from least, is the right to deletion. Again, the CCPA is clear: users have the option to request that business delete all the information that has been collected at any time.

However, similar to the GDPR, there are stipulations about this. For example, if the data is for security reasons, collected on behalf of a government agency, or if the business has established a legal basis with the data subject, the user may not have their deletion request granted.


Choosing to opt out of data processing and browser cookies may mean you won’t be given access to the website you wish to use.

Once requested, the business has 45 days to complete the request. Otherwise, they will be out of compliance with the CCPA.

If you are unsure about the business’s deletion policy, check out its privacy information page for more details.

STAT: Any business with over 150 unique visitors daily must comply with the rules of the CCPA. (source)

Rights Under the CCPA FAQs

How do I make sure that my business is CCPA-compliant?

A great first step is to go through a CCPA compliance checklist. It’s also necessary to have a visible “Do Not Sell My Personal Information” on your webpage for users to select.

What is the CPRA?

The CPRA stands for “California Privacy Rights Act.” It was a proposition that provided many amendments to the CCPA.

When was the CCPA established?

The CCPA was signed into law in 2018, becoming effective in January 2020.
Nathan Rizzuti Profile image