California (CCPA - CPRA)

Created by Maximiliano Sarmiento, Modified on Fri, 08 Sep 2023 at 03:00 PM by Maximiliano Sarmiento

CCPA / CPRA privacy notices and their difference with GDPR


The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are significant regulations concerning privacy and personal data in California.


The CPRA, which took effect on January 1, 2023, does not serve as a replacement for the CCPA but rather acts as an amendment to it. It expands upon the provisions of the CCPA by introducing additional requirements and modifying existing ones for businesses operating within California.


The CCPA safeguards the data of California residents from privacy infringements. Similar to the General Data Protection Regulation (GDPR), it also governs the usage of cookies involved in the sale of personal information. Nevertheless, there exists a crucial distinction between these two laws concerning cookie usage.


While the GDPR emphasizes both opt-in and opt-out approaches, the CCPA predominantly promotes an opt-out model for regulating data processing. Therefore, websites aiming for CCPA cookie compliance must offer an opt-out alternative to users, enabling them to withhold consent for the use of cookies that gather and sell their personal information.


If you want to know more about the different regulations you can access our article "Laws and regulations for each region"




Cookie banner compliant with this regulation


The CCPA mandates that companies furnish privacy notifications to their clientele. These notifications must be presented to users upon their initial visit to the website. There exist different forms of notifications, and you have the flexibility to utilize any of them in the form of a banner.


In order to adhere to these requirements, your cookie banner should possess the following attributes:


  • Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
  • Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.
  • Do Not Sell Button: Websites should include a link or a button on their homepage with the title “Do Not Sell My Personal Information.” The “Do Not Sell” page should include a link to the website’s privacy policy, as well as a button that lets them opt-out of personalized advertisements.


Observations: To be fully compliant in this region, it needs to use illow's US Opt-out banner.



If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article