Yotpo's Guide to the CCPA | Yotpo

Last updated on January 11, 2024

Privacy Team @ Yotpo
November 25th, 2019 | 7 minutes read

We’re here to help you prepare for the CCPA.

Table Of Contents

As a Privacy by Design company, Yotpo is committed to protecting both our customers’ and their end-users’ personal information.

While this post focuses on the CCPA, Yotpo is already compliant with a similar regulation, the EU’s GDPR, which went into effect in 2018.

The California Consumer Privacy Act (CCPA) is a bill that enhances privacy rights and consumer protections for residents of California. The CCPA applies to any for-profit entity doing business in California that meets at least one of the following requirements:

  1. Has annual gross revenue in excess of $25 million; or
  2. Handles the personal information of 50,000 or more California residents, households, or devices on an annual basis; or
  3. Derives 50% or more of its annual revenues from selling California residents’ personal information.

As online businesses continue to expand across borders, it is likely that this new regulation will affect you.

Breaking down the CCPA

The CCPA is a new law that regulates how the personal data of California residents can be collected, used, and processed by businesses, as well as who it is shared with and for what purpose. The law gives California residents control of their personal information and its usage.

It is the first comprehensive consumer privacy law to be enacted by a U.S. state.

The CCPA defines a California resident as anyone who is in the state for other than a temporary or transitory purpose, as well as anyone who lives in the state, but is outside the state for a temporary or transitory purpose.

Ahead of the CCPA coming into effect on January 1, 2020, we are committed to giving you all the information you need to navigate these new regulations.

How is Yotpo helping you prepare for your business’s obligations under the CCPA?

  • An updated Privacy Policy, with an additional CCPA Privacy Policy page dedicated to the CCPA, which lists both the categories of personal information (as defined by the CCPA) as well as the specific items collected under those categories.
  • An updated Data Processing Agreement, with an addendum dedicated to the CCPA, conveying Yotpo’s commitment to the CCPA and your consumers’ right to privacy.Yotpo supports your business in protecting consumers’ rights and processing their requests.

How is Yotpo supporting your management of customers’ rights under the CCPA?

Right to Notice — As mentioned above, our online documents describe the categories and items of personal information that we collect, allowing you to inform your clients.

Right to Access — Under the CCPA, customers have the right to request that a business disclose to them the categories and specific pieces of personal information the business has collected. Our APIs give you the ability to retrieve this information quickly via a link to a machine readable format file, hosted on our secured servers.

Right to Opt-Out — Your customer may ask to opt-out from the emails that we send to them on your behalf. Please review our support article on how to stop sending emails to a specific user. (They can also opt-out by clicking on the unsubscribe link.)

Right to Request Deletion — The CCPA allows for customers to request that you delete any personal data from your records. As your user-generated content service provider, we have built a functionality to erase your customers’ personal data quickly and easily upon request. For more information, you can get in touch with our support team here or your dedicated CSM.

The CCPA represents a new standard in the United States for how the personal data of California residents is regulated and protected, and it reflects how we think and operate at Yotpo when it comes to data privacy. As we gear up to CCPA compliance, we are committed to helping you with your CCPA readiness in the lead up to January 1.

What does the CCPA mean for my business?

The CCPA gives California residents more rights when it comes to the usage of their data and, as a result, provides new guidelines for any business that collects or processes the personal data of its California customers.

If you are wondering what ‘personal data’ means, it is identified in the CCPA as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” The CCPA grants California residents new rights regarding their personal information and imposes various regulations on entities conducting business in California regarding data protection.

Please review Yotpo’s Data Processing Agreement’s CCPA addendum for information about the categories and the specific items of personal information regarding your customer that Yotpo stores and processes.

The CCPA is similar to the GDPR, but differs in both its territorial reach and in specific definitions related to what constitutes protected information. The CCPA also includes an opt-out right for sales of information, meaning companies have to give consumers the right to opt-out of having their personal data sold. The act requires businesses to include a “Do Not Sell My Personal Information” link on their homepage.

The requirements of the CCPA will create a new standard for data protection, one that ultimately reflects good business practices regarding transparency and trust between brands and customers. You can find a detailed compliance guide explaining both the law and the day-to-day responsibilities of businesses under its purview here.

How do I prepare?

There are a few things you may want to take into consideration when preparing for the CCPA:

  • Updating your privacy policy in light of the new laws
  • Understanding your responsibilities under the CCPA
  • Taking into consideration your third party obligations

Because every business is different, and may have different obligations under the CCPA, our best recommendation is that you find out how these new regulations may affect your business by consulting with a lawyer.

You should also consider checking that any SaaS vendor your business uses is CCPA compliant as we get closer to January 1.

Data protection means better business

If a consumer is confident that their data will be protected, they will feel more comfortable sharing their personal information when active online. As the eCommerce space continues to grow, these new laws provide an excellent framework for the protection of customer data.

“Yotpo is all about providing consumers with a trustworthy shopping experience, and that extends to reviewers who share their thoughts, photos, and more. This is why we are committed to our global privacy program and to protecting customers’ privacy and ensuring they feel confident with every interaction.” — Tomer Tagrin, Yotpo Co-founder & CEO

We are excited to offer the highest standard of service when it comes to our customers and are committed to keeping you updated as you make your preparations for the CCPA.

If you have any questions or concerns regarding the new CCPA laws, feel free to get in touch with Yotpo’s Data Protection and Compliance team at privacy@yotpo.com or visit our website.

You can also subscribe to our DPA updates at the bottom of the Data Processing Agreement page. We will send you an email when our DPA has been modified.

Please note that this post does not include any legal or professional advice. You should consult with your legal counsel and IT experts for compliance with privacy and data protection laws.