CCPA vs CalOPPA: Difference between the two California state laws

Unlike an array of other legal jurisdictions, the United States doesn’t have any specific data protection or general privacy law that works across the country. However, California has been at the forefront for a long time regarding regulating online privacy.

For more than a decade now, businesses and website admins have generated privacy policies to obey the California Online Privacy Protection Act (CalOPPA). This led to the invention of the California Consumer Privacy Act (CCPA) – a privacy law that commenced its effect on January 1, 2020.

While both of these acts have been placed to safeguard the personal information of California’s residents, not many people are aware of the similarities and differences between CCPA vs CalOPPA. To help you differentiate, this post covers a brief about these two laws.

CCPA vs CalOPPA: Similarities and Differences

Jotted down below are some similarities and differences between CCPA vs CalOPPA:

The TypeIt is a California state lawIt is a California state law
The Target AudienceIt is for such businesses that collect personal information from the residents of this state, meeting one or more requirements:
1. Earn a gross annual turnover of more than $25 million
2. Sell, receive or buy personal information of 50,000 or more residents of the state
3. Get 50% or more annual revenue for selling the personal information of the residents
It is for any online service or website that accumulates personal information from the residents of California.
Primary Requirements for BusinessesBusinesses will have to include individuals’ privacy rights in their policies, such as:
1. Right to know
2. Right to delete
3. Right to opt-out
4. Right to non-discrimination
The website should display a privacy policy noticeably, for instance:
1. A privacy policy on the homepage
2. A link with a visible word “Privacy” on the homepage, taking users to the privacy policy
3. A privacy policy linked to the homepage
Businesses have to disclose the information categories that they are accumulating, and it should be available in the privacy policy.The privacy policy should be decipherable and written in plain English. It should be devoid of technical jargon and displayed in a readable font.
On the website’s homepage, a Do Not Sell My Information should be present to let users opt-out with ease.The policy should contain a section describing the website’s stance on online tracking and making sure it is labeled clearly. You will have to explain how you will be responding to the Do Not Track signals and whether or not you will be disclosing personal information to third parties.
If you are offering financial incentives in return for personal information, it should be disclosed to customers.You must display all ways to use the collected personal data and offer links to third parties whenever necessary. 
All businesses must keep records for at least two years of consumer requests and how they responded to the requests.Websites must disclose any choices that users may have concerning using, collecting, and sharing their personal data.
Businesses are not permitted to sell personal information to those who are under 16 years of age unless consumers who are between 13-16 years of age have authorized the sale of their personal information through their parents or guardians.Sites should make sure that they offer correct and precise contact details so that the users don’t face any issues while raising questions or concerns. 

Everything You Must Know About the California Consumer Privacy Act


The California Consumer Privacy Act (CCPA) began its effect on January 1 2020. This is based in California and is a privacy legislation that improves the privacy rights and safeguards the personal information of the state’s residents.

How does it affect your business?

There is an array of ways through which the CCPA can impact your business. Some of them include:

  • Privacy Policy Updates

As mentioned above, you will have to update the privacy policy to make sure it communicates the new privacy rights to the California residents. The rights are:

  • The Right to Know: This is for residents to know the kind of personal information that is being collected and how the information is being used or shared by your business.
  • The Right to Non-Discrimination: This right states that you cannot deny any resident from your services or products. Not just that, you cannot charge anybody differently or offer them a different quality of product or service just because they made of using their rights under the CCPA policy.
  • The Right to Delete: California residents can request their personal information to be deleted through this right.
  • The Right to Opt-Out: Under this right, the residents of California can opt-out from allowing you to sell their personal information anytime. 
  • Notify Categories of Information Collected

Under the CCPA act, businesses across California have to notify their customers of the information categories that they are accumulating and the intention behind collecting this information. This communication can take place either before collecting the information or during the collection. Also, this information should be readily available on the website through a privacy policy at all times. 

  • Opt-out From Selling Personal Information

Being a business owner in California, you will have to offer a Do Not Sell My Information link on the website’s homepage. This link should direct your visitors to a page where they can exercise their right to opt-out from allowing you to sell the information. 

  • Financial Incentives

You can provide financial incentives to customers in return for their personal information until you have clearly disclosed these incentives in a notice to the customer with a clear explanation of the terms and conditions to access the incentive. 

  • Parental/Guardian Consent

Businesses are not allowed to sell the personal information of those who are under the age of 16 except:

  • Consumers who are aged between 13-16 years of age have authorised the sale of the personal information
  • Consumers who are below the age of 13 have had their guardian or parent approve the sale of personal information

Everything You Must Know About California Online Privacy Protection Act


The California Online Privacy Protection Act (CalOPPA) began its operations in 2004. However, it was amended again in 2013 to showcase new disclosures of privacy pertaining to tracking online visits. It is the first law of California that made it necessary for online services and websites to post a privacy policy.

How does it affect your business?

Jotted down below are some ways through which CalOPPA affects your business:

  • Privacy Policy Recommendations

If your business has to comply with CalOPPA, ensure that your privacy policy is adhering to the below-mentioned recommendations that come straight from the General California Department of Justice:

  • Online Tracking

With online tracking, you will have to make sure that a specific part of your privacy policy explains your standpoint on online monitoring that should be clearly labeled for your customers. And then, you will also have to explain how you are responding to Do Not Track signals. Furthermore, you will have to disclose whether any third parties are collecting the consumer’s personal information from your site or not. 

  • Data Usage

Under this clause, you will have to disclose all of the personal data that is being collected and how exactly it is being used. To add more to it, you can also add a link to the privacy policies of third parties that are using the information from your site. 

  • Choice of Sharing Personal Data

This one states that you must disclose your customers’ choices in relation to the accumulation, usage, and sharing of their personal information. 

  • Readability

When it comes to readability, you will have to ensure that your privacy policy is easy-to-read. Moreover, it should be written in easily understood, plain English and should not have any technical jargon words that are away from a layman’s comprehension. 

  • Accountability

As far as accountability is concerned, you will have to make sure that you offer contact details for any concerns or questions that your target audience may have. 

Penalties for Non-Compliance

Penalties for Non-Compliance

One of the essential things to keep in mind is that not complying with these laws can lead to violations and penalties, which could be too much to handle for a business. So, to give you a heads-up, here are the penalties you may have to pay for not complying with the law.

  • Penalties for CCPA Non-Compliance

Violating the CCPA is subjected to enforcement by the California attorney general’s office. If you have not adhered to the policy, you will get a notice from this office and will be given a period of 30-days. You will have to make amends within this period. However, if you fail to do so, this office can ask for civil penalties for $25,00 for every violation or $7,500 for every international violation. 

  • Penalties for CalOPPA Non-Compliance

If your business has been reported or marked for non-compliance, you get a 30-days grace period to correct the policy and make amends, just like CCPA. However, CalOPPA doesn’t come with an enforcement provision or mechanism. Its enforcements come under the California Unfair Competition Law’s scope. 

A fine can be filed against your business by the California Attorney General’s office as per this law. Thus, violating CalOPPA leads to the violation of the UCL. Such a suit can seek civil penalties, which is $2,500 for every violation, and private claims for violations to the policy. You may also have to bear actions from the Federal Trade Commission. 

The most substantial impact of non-complying with CalOPPA is the money multiplier consequence of the fine. Since the violation takes place each time somebody accesses your site without a privacy policy, the penalty can be humongous. 

For instance, Delta Airlines was once charged with a fine of $37,50,000 for not complying with the policy. 

How to Comply: CCPA vs CalOPPA

When it comes to complying with CCPA vs CalOPPA, most people assume that they will have to book an appointment with an attorney and get the privacy policies written to be published. However, such is not the case anymore. Thanks to WordPress, you can now use WP Legal Pages Pro, the best privacy policy generator that lets you create attorney-level privacy policies.

This specific plugin helps you create more than 25 automated legal policy templates, irrespective of the nature of your business. All you would have to do is add your business details, and the tool will do its job within a few minutes.

One of the best things about this WordPress plugin is that it supports multi-language translations, such as Portuguese, Italian, German, Spanish, French, and English. Thus, you can set up your policies in the language of your choice. 

Some of the other advantageous features of this tool include:

  • Regular updates
  • Easy customisation
  • Compatible with PHP, Easy Digital Download (EDD) and WordPress
  • Premium support
  • 30-days money-back guarantee
  • Help documentation available


So, to conclude CCPA vs CalOPPA, both are California laws for businesses that are accumulating data from local residents. However, CCPA is only applicable to those businesses that have an annual turnover of more than $25 million or derive 50% or more annual revenue from selling personal information. In addition to this, you must keep in mind that your business doesn’t have to be physically located in California for any of the laws to be applicable. If your customer base is in California, you will have to make sure you comply with the rules.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Join Over 50,000+ Subscribers

Interested In