How accessibility and the California Consumer Privacy Act (CCPA) impact us all
A new privacy law called the California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. The privacy rights established by the CCPA are for all residents of California, including people with disabilities. CCPA applies to any US business that has consumers living in California and meets one or more of the following thresholds:
- Gross annual revenue of $25 million or more;
- Buys, receives, sells or shares personal information for commercial purposes of 50,000 or more consumers, households, or devices;
- Make 50% of more of annual revenues by selling consumers’ personal information.
It is best practice for any business outside of California to comply with CCPA (if the requirements above apply), because at some point in time they may have an eCommerce transaction with a California resident.
US businesses that meet the CCPA threshold are required to:
- Provide notice to consumers at or before collecting their personal data.
- These notices must be accessible to people with disabilities.
- Create a way for consumers to know, opt-out and delete their personal data.
- The ability to know, opt-out and delete personal data must be accessible to people with disabilities.
Any business, service provider or other persons that fail to comply with CCPA within 30 days after being notified of alleged noncompliance, they are at risk for a potential lawsuit and the following fines:
- A civil penalty of not more than two thousand five hundred dollars ($2,500) for each violation or seven thousand five hundred dollars ($7,500) for each intentional violation, which shall be assessed and recovered in a civil action brought in the name of the people of the State of California by the Attorney General. The civil penalties provided for in this section shall be exclusively assessed and recovered in a civil action brought in the name of the people of the State of California by the Attorney General.
The State of California Department of Justice has published a CCPA Fact Sheet that can help you determine if this law applies to your business.
CCPA Individual Consumer Rights
If you are a consumer in the state of California, under CCPA you have the right to:
- know exactly what personal information of yours has been collected by a qualified business, used, shared or sold;
- delete your personal information held by a qualified business;
- opt-out of the sale of your personal information by a qualified business;
- non-discrimination in terms of the price or service when you exercise your privacy rights under CCPA.
All consumers in California have these rights, including people with disabilities. So, the CCPA required processes for knowing, deleting and opting out of the sale of personal information must meet digital accessibility standards.
The CCPA does not specify that businesses should conform to which technical requirements businesses should comply with. However, the Web Content Accessibility Guidelines (WCAG) are the most widely accepted accessibility standards both globally and in the United States.
Accessibility Take-Aways
It’s common for sites to use toast messages or form elements to inform users of personal data collection. It’s also a common practice to offer a form to users to submit a request, opt-out, or deletion of their data. Have you built those elements with accessibility in mind? Whether you’ve built those services in-house, or if you’re relying on a 3rd party service, it’s still your responsibility.
Deque is ready to help your company navigate the accessibility requirements of the CCPA. We are experts in making sure people with disabilities have equal access to information and functionality. Let us help you build an accessible and sustainable solution.