California’s California Consumer Privacy Act (CCPA) goes into effect on January 1st, 2020.
The CCPA is intended to enhance privacy rights and consumer protection for residents of California, USA. Similarly to the GDPR, the CCPA doesn’t apply only to companies doing business in California, but it affects all businesses managing and processing of personal information of California’s citizens. More info in the text of the Act, here.
Although CCPA draws enough similarity with the GDPR it is still a distinct regulation that requires further scrutiny by companies dealing with personal data of Californian citizens.
This article aims to explain how we at Smartlook relate to the CCPA and personal data processing - so you (as our customer, user, client) can evaluate where do you stand when this regulation becomes effective. Please note that this article is for information purposes only - do not use it as a legal advice.
You should consult legal counsel to determine how CCPA applies to you and your business.
What does CCPA means for Smartlook & You?
Within the CCPA Smartlook is defined as a ‘service provider’, while you, our customers, are defined as the ‘business’. In the CCPA context we will process the personal information for business purposes for you.
As we noted in our Data & Security policy keeping data secure is paramount to Smartlook. As such we have held ourselves at a standard which not only complies with legal requirements, but also take steps to ensure trust & safety of our customers’ data.
We always handle our customer’s data only in a scope permitted by the relevant regulation and by our customers. We will sell none of our customer’s data to third parties.
We’ve done a lot of work preparing Smartlook to be fully GDPR compliant (more info on that here) and all that work helps us in the scope of CCPA as well.
Accordingly, after January 1st of 2020 we’ll consider our clients’ end users (website or mobile apps visitors) with Californian IP addresses the same as if they were EU visitors. Meaning, all the private, personal and identifiable data processed will be masked, obfuscated, by default.
If you want to access and work with personally identifiable data from Californian citizens onwards you’ll need to:
- Read, Accept and Sign the Data Processing Agreement. Controls for this are accessible in Smartlook’s Dashboard Project Settings. The DPA can be reviewed here www.smartlook.com/dpa
- Provide us an evidence that you’ve received your end user’s consent to process their personal data (as noted in our documentation here)
Only when those two conditions are fulfilled, we will be able to process your Californian based, end users personal information. More details on our data processing agreement & procedure - here.
Additionally, CCPA provides end user some rights that need to be respected. And we can help you with this as well.
The end user rights
The CCPA provides end users the rights to request from business (operating in California) a full disclosure of all collected information about them; and power to decide whether their data may be shared, stored, sold and ultimately removed.
In case your user wants a full of disclosure data stored in your Smartlook project you’d use our Filter features (to filter by IP or email or any other identifier) to discover what kind of information has been collected about the particular user. Do note, if we haven’t processed the queried identifiable information previously (including you verified consent & signed the DPA) - the use of filters will be redundant as the default user information will be anonymized by default.
If your users request data removal - we can, upon your request delete all the records related to that user from our databases and send you the verification upon completion. All you have to do is reach out to the team and submit a ticket.
Need more information?