The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020.
The CCPA is intended to enhance privacy rights and consumer protection for residents of California, USA. Similarly to the GDPR, the CCPA doesn’t apply only to companies doing business in California, but it affects all businesses managing and processing of personal information of California’s citizens. More information can be found in the text of the Act, here.
Although, the CCPA draws enough similarity with the GDPR, it’s still a distinct regulation that requires further scrutiny by companies dealing with personal data of Californian citizens.
This article aims to explain how we at Smartlook relate to the CCPA and personal data processing—so you (as our customer, user, client) can evaluate where you stand with regard to this legislation. Please note that this article is for information purposes only—don’t use it as a piece of legal advice.
You should consult legal counsel to determine how the CCPA applies to you and your business.
What does the CCPA mean for Smartlook and you?
Within the CCPA, Smartlook is defined as a “service provider,” while you, our customers, are defined as the “business”. In the CCPA context, we’ll process all your users’ personal information, for business purposes for you.
As we noted in our Data security policy, keeping data secure is paramount to Smartlook. As such, we’ve held ourselves at a standard which not only complies with all legal requirements, but also takes steps to ensure trust and safety of our customers’ data.
We always handle our customers’ data only within the scope permitted by the relevant regulation and by our customers. We’ll not sell any of our customers’ data to third parties.
Furthermore, we’ve done a lot of work preparing Smartlook to be fully GDPR-compliant (more info on that here) and all that work helped us with regard to the CCPA as well.
Accordingly, after January 1, 2020, we considered our clients’ end users (website or mobile apps visitors) with Californian IP addresses the same as if they were EU visitors. Meaning, all the private, personal, and identifiable data processed will be masked and obfuscated, by default.
If you want to access and work with personally identifiable data from Californian citizens onwards, you’ll need to:
Review the Data Processing Agreement (DPA), which, according to our Terms of Service, applies whenever you process personal data. The DPA can be reviewed here.
Provide us with evidence that you’ve received your end user’s consent to process their personal data (as noted in our documentation here).
We will only be able to process your Californian-based end users’ personal data, once you’ve fulfilled those 2 conditions mentioned directly above. More details on our data processing agreement and procedure can be found here.
Additionally, the CCPA provides end users with some rights that need to be respected. And we can help you with this as well.
The end users’ rights
The CCPA provides end users the rights to request from businesses (operating in California) a full disclosure of all collected information about them; and the power to decide whether their data may can be shared, stored, sold, and ultimately, removed.
In case any of your users want a full of disclosure of personal data stored in your Smartlook project, you must use our filter feature (to filter by IP or email or any other identifier). This will help you discover what kind of information has been collected about a particular user. Please note, if we haven’t processed the queried identifiable information previously (including your verified consent and signed DPA), the use of filters will be redundant as any users’ information will be anonymized by default.
If your users request data removal—we can, upon your request, delete all the records related to that specific user from our databases and send you verification of that action, upon completion. All you’ve to do is reach out to the Smartlook team and submit a ticket.
Need more information?