What are consumer rights under the CCPA?

The CCPA grants California residents the following rights over their data and its use: Right to know and access: what personal information businesses have about them Right to know: whether their personal information that the business has is sold or disclosed and to whom Right to delete: request businesses to delete the personal information that was collected from the consumer Right to limit: limit the use or disclosure of their sensitive personal information Right to opt out: to opt out of the sale, share or use of their personal information for profiling or targeted advertising Right of nondiscrimination: not to be discriminated against for exercising any of their rights under the CCPA Right to correct: any incomplete or inaccurate personal information that a business holds about them be corrected

What is the difference between the CCPA and CPRA?

The CPRA, effective January 2023, expanded and strengthened the CCPA. Key changes include: Creation of the California Privacy Protection Agency (CPPA) New rights for consumers, such as correction of inaccurate data Stricter rules for sensitive personal information Mandatory data minimization and retention limits Together, the CCPA and CPRA form California’s comprehensive data privacy framework.

Which businesses must comply with the CCPA?

The CCPA applies to for-profit businesses that collect California residents’ data and meet at least one of these criteria: Annual gross revenue over USD 26,625,000 for the previous calendar year Buy, sell, or share personal information of 100,000 or more consumers or households Derive 50 percent or more of annual revenue from selling or sharing personal data It also applies to service providers and contractors that process data on behalf of covered businesses.

CCPA: Achieve compliance with the California Consumer Privacy Act

Usercentrics Consent Management Platform (CMP) enables you to meet evolving CCPA compliance requirements. Build user trust and fuel sustainable revenue growth.

Start free Contact Sales

What is the CCPA?

The California Consumer Privacy Act (CCPA) is a landmark privacy law that set a national standard for consumer privacy in the U.S. when it came into effect in 2020. It gives California residents greater control over their personal data and requires businesses to be transparent about data collection and use. It also gives individuals rights, including access, deletion, and opt-out from certain uses of personal data.

Common CCPA questions and answers

COMPLIANCE

How to comply with the California data privacy law

To comply with the CCPA, businesses must provide clear, up-to-date privacy notices, disclose data collection and sharing practices, and enable California residents’ right to opt out of data sales and other covered uses. They must also obtain consent before collecting or processing minors’ personal data.

RISKS

What are the consequences of CCPA noncompliance?

Noncompliance with the CCPA can result in enforcement actions by the California Privacy Protection Agency (CPPA) or the Attorney General. Businesses face escalating fines, depending on severity and if violations were willful or not. Consumers may also sue for statutory damages if they are victims of a data breach.

Benefits of a consent management platform

Manage user consent globally

Achieve and maintain compliance in all regions and industries where you do business, including the EU’s GDPR, Brazil’s LGPD, and frameworks like the IAB TCF v2.2.

Seamless integration

Easily integrate Usercentrics CMP with your website, app, or other platforms. Supports popular CMS and other third-party services to help drive your Privacy-Led Marketing.

Build user trust

Be transparent with users about how you use data and give them control. It’s not just a legal requirement. It’s a competitive differentiator that grows engagement and long-term customer relationships.

Increase opt-in rates

Targeted features like A/B Testing and Contextual Consent enable you to improve user experience quickly. Use data insights to optimize consent rates and capture more high-quality data.

“Usercentrics CMP helped us to reduce time and energy to manage compliance-related issues and focus more on the product itself. We are confident that the information in the CMP is up to date and relevant.”

Ekaterina Kolbasova

— Head of IT, AMBOSS

Read full review

Choose the right CCPA / CPRA compliance solution for your business

Protect your business and earn customer trust. Start your free trial today to simplify CCPA / CPRA compliance across your website and apps.

start free

Your questions answered

Contact our privacy experts

We’re here to answer your questions about data privacy, CCPA requirements, and compliant marketing. The Usercentrics Consent Management Platform helps you build trust, enhance user experience, and reduce regulatory risk. Let’s talk about how we can support your compliance goals.

Want to understand how privacy compliance drives user trust and marketing performance?
Unsure whether your business meets California’s privacy requirements?
Need guidance on your company’s specific compliance obligations?
Interested in partnering with us?

Contact sales

Contact chat bubble at the bottom right corner of a chat illustration

Learn more

Article

Mar 29, 2024

CCPA Compliance Checklist: How to achieve full compliance for your website

For companies doing business with residents of California, CCPA and CPRA compliance are required. Here’s how to protect your business.

Article

Jan 13, 2025

CCPA penalties and fines: What are the consequences of noncompliance?

Article

Feb 7, 2025

US data privacy laws by state: rights and requirements

In 2025 more US state privacy laws will come into effect than in any previous year, though federal legislation remains stalled. We compare what US state-level data privacy laws mean for consumers and businesses.

Frequently asked questions

The CCPA grants California residents the following rights over their data and its use:

Right to know and access: what personal information businesses have about them
Right to know: whether their personal information that the business has is sold or disclosed and to whom

Right to delete: request businesses to delete the personal information that was collected from the consumer
Right to limit: limit the use or disclosure of their sensitive personal information
Right to opt out: to opt out of the sale, share or use of their personal information for profiling or targeted advertising
Right of nondiscrimination: not to be discriminated against for exercising any of their rights under the CCPA
Right to correct: any incomplete or inaccurate personal information that a business holds about them be corrected

The California Attorney General or CPPA can levy civil penalties up to $2,663 per unintentional violation, or up to $7,988 per intentional violation or for violations involving minors. Individuals also have a private right of action and can sue companies for violations relating to data breach events affecting them and their data, and can seek statutory damages between $107 and $799 per incident.

CCPA compliance software enables companies to comply with the law’s requirements, like providing consumers with information about data processing and exercising their rights, and enabling them to opt out of the sale of their personal information.

A consent management platform (CMP) is a type of CCPA compliance software that can enable regulatory compliance for websites and apps. It can present users with information about cookies and trackers in use that collect personal data, and enable granular consent choices. It also securely stores consent information over time.

The CPRA, effective January 2023, expanded and strengthened the CCPA.
Key changes include:

Creation of the California Privacy Protection Agency (CPPA)
New rights for consumers, such as correction of inaccurate data
Stricter rules for sensitive personal information
Mandatory data minimization and retention limits

Together, the CCPA and CPRA form California’s comprehensive data privacy framework.

The CCPA applies to for-profit businesses that collect California residents’ data and meet at least one of these criteria:

Annual gross revenue over USD 26,625,000 for the previous calendar year
Buy, sell, or share personal information of 100,000 or more consumers or households
Derive 50 percent or more of annual revenue from selling or sharing personal data

It also applies to service providers and contractors that process data on behalf of covered businesses.