Ensuring your website is CCPA Compliant while using Google Analyitcs

Google Analytics is active on most websites these days. Webmasters seem to add the tracking code as a routine procedure of setting up a website. It allows website owners to gain insights into website traffic and collects plenty of personal data. 

What is CCPA?

The CCPA is the new California Consumer Privacy Act that went into effect on January 1, 2020, and it’s enforceable from July 1, 2020. By default, Google Analytics is not CCPA compliant and there are some configuration changes needed to ensure it is compliant with the California Consumer Privacy Act (CCPA).

What businesses does CCPA apply to?

CCPA applies to all the businesses with over $25 million in annual gross revenue or has data of 50,000 California residents or makes 50% of its revenue by selling California resident’s data. If a business is outside California and if it falls under any of the above criteria then it needs to comply with CCPA.

In CCPA businesses need to give the option to its employees & customers:

• Right to be forgotten
• Right to data access
• Right to opt-out and opt-in
• How is CCPA different to GDPR?

The GDPR (General Data Protection Regulation) was implemented to protect EU citizens on May 25th 2018. While CCPA does not apply to everyone, with GDPR, any company that processes EU residents’ data must comply with its regulations. Personal data under the CCPA identifies, relates to, describes, and is linked to or associated with a consumer or household. Under the GDPR, the personal info is related to an identified or identifiable data subject.

Also, fines are different. Under the GDPR, fines for violation is up to 20 million euros or 4% of annual revenue, whichever is bigger. Under the CCPA, a fine for violation is up to $7,500 per record.

Now, you might be wondering, does the new law apply to your website?

Who Needs to be CCPA Compliant?

Unlike GDPR (a European data privacy law), CCPA doesn’t apply to everyone. If your business meets the following conditions, then you’ll have to comply with the law:

• Make yearly revenues above $25 million
• Buy, receive, sell, or share personal information of 50,000 more clients, devices, or households in California
• Generate at least half your turnover from selling consumer data

It is important to note that these disclosures should be made promptly and free of charge. CCPA bestows California consumers the privilege to request specific information from your company concerning how you use their data. For this reason, once you get a ‘verifiable consumer request,’ you are obligated to divulge;

• The types of personal data you have gathered about the customer
• The kinds of sources from which the personal information was collected
• The commercial purpose for collecting or selling the data
• The categories of third parties with whom your business shared the personal data
• The particular pieces of data your company collected about the specific consumer

Is Google Analytics CCPA Compliant?

Google Analytics collects a lot of personally identifiable data on visitors to a website. This means that by default it is not compliant and some configuration changes are required. While some website owners may decide to simply remove Google Analytics from their websites, where will they go for all the rich data that it provides? Fortunately, there is an easy way to ensure your website complies with CCPA and continues to benefit from Google Analytics. 

Ensuring Google Analytics is CCPA Compliant

MonsterInsights has an excellent WordPress plugin for Google Analytics, when GDPR was introduced, MonsterInsights also introduced an EU Compliance addon. This same addon can be used to automate the process of meeting CCPA compliance.  

Here’s a summary of what you can do with the addon:

• Anonymize user’s IP address in Google Analytics
• Disable UserID tracking on Google Analytics
• Disable demographics and interest reports for advertising (Google Ads) and remarketing tracking in Google Analytics
• Automatically disable author tracking Google Analytics and custom dimensions addon
• Easy integration with CookieBot and Cookie Notice WordPress plugins

Implement an Opt-Out Consent Box

Once you have the MonsterInsights and its EU Compliance addon, the next thing you’ll need to do is create an opt-out consent box. This is to allow anyone to opt-out from websites sharing their data with third parties.

And a simple way of creating an opt-out consent box is by using free WordPress plugins like CookieBot or Cookie Notice. Both these plugins offer a built-in option to set up an opt-out consent box and they easily integrate with MonsterInsights as well.

Update Your Privacy Policy

Now that you have taken the steps to ensure your website meets compliance from a technical aspect, it is important to also update your privacy policy. Services like Termageddon offer an auto-updating privacy policy that allows you to quickly comply with any policy changes like CCPA.