Growth Marketing Glossary

CCPA (California Consumer Privacy Act)

C·C·P·Anoun (law)

California's privacy floor — the right to know, delete, and opt out of the sale of your data, and the model other states copied.

CA lawright to knowright to deleteright to opt out of saleCalifornia's consumer privacy rights, 2020
Schematic — California's consumer privacy rights
Term
CCPA (California Consumer Privacy Act)
Is
California Consumer Privacy Act
Signed
June 28, 2018 (AB 375), effective Jan 1, 2020
Extended by
CPRA (Prop 24), effective Jan 1, 2023

Forms & parts of speech

CCPA · noun
California's privacy law.
"The 'Do Not Sell or Share' link in the footer - that's CCPA compliance, not a design choice."

Definition in plain terms

The CCPA — California Consumer Privacy Act — is the state law giving California residents enforceable rights over the personal information businesses collect about them. Signed on June 28, 2018 as Assembly Bill 375 and effective January 1, 2020, it was the first comprehensive consumer privacy law in the United States, and it made California the de facto privacy regulator for American marketing, because few national businesses can ignore their largest state market.

The mechanics

The CCPA grants consumers a short list of powerful rights: to know what personal information a business collects and how it is used, to request deletion, to opt out of the sale of their data (the law's famous 'Do Not Sell' link), and to not be discriminated against for exercising any of these. It applies to for-profit businesses over revenue or data-volume thresholds, with penalties enforced by the state. The California Privacy Rights Act (CPRA) — Proposition 24, passed by voters in November 2020 and effective January 1, 2023 — then extended the regime: it added the right to correct data, expanded 'sale' to cover 'sharing' for cross-context behavioral advertising (closing the loophole adtech had been driving through), created the category of sensitive personal information, and stood up a dedicated enforcement agency, the California Privacy Protection Agency. For marketers the practical consequences are concrete. Third-party data flows — pixels, audience sharing, RETARGETING feeds — can constitute 'sharing' requiring an opt-out path; the 'Do Not Sell or Share' link and honoring opt-out signals like Global Privacy Control are compliance surface; and the law rewards FIRST-PARTY DATA strategies built on consent. Unlike GDPR, the CCPA is opt-out rather than opt-in — collection is lawful by default, but the exit door must work.

When it matters

The CCPA matters to any business marketing to Californians above the law's thresholds — which captures most national brands — and its template spread: a wave of state laws (Virginia, Colorado, Connecticut, and more) copied its architecture, so building to CCPA-plus-CPRA standards is how teams stay ahead of the patchwork. The discipline is to treat privacy as infrastructure rather than legal theater. Map where personal data flows into ad platforms, wire the opt-out so it actually stops the sharing, honor Global Privacy Control signals, and prefer consented first-party data — because enforcement actions have repeatedly targeted marketing pixels and broken opt-outs, not exotic data abuses. (This is general information, not legal advice; consult counsel for specific obligations.)

Worked example. A national retailer treats its 'Do Not Sell' link as a checkbox exercise — the link exists, but its Meta and ad-platform pixels keep firing audience data for opted-out Californians, because nobody wired the preference into the tag manager. A privacy sweep flags exactly that gap, the pattern California enforcement has repeatedly pursued. The fix is operational, not legal: opt-out status becomes a signal the tag manager respects, Global Privacy Control headers suppress sharing automatically, the consent platform and CRM reconcile nightly, and remaining audience targeting shifts toward consented first-party segments. Compliance stops being a footer link and becomes a data flow that provably turns off — which is what the law was asking for all along.
Failure modes to watch. Treating the 'Do Not Sell or Share' link as decoration while pixels keep sharing; ignoring Global Privacy Control signals; assuming opt-out-by-default means nothing needs building; conflating CCPA with GDPR's opt-in consent model; and leaving privacy to legal while the actual data flows live in the tag manager nobody audits.

Synonyms & antonyms

Synonyms

CCPACalifornia Consumer Privacy ActCCPA/CPRA

Antonyms

GDPR (opt-in regime)unregulated data sale

Origin & history

The CCPA began as a 2018 ballot-initiative threat by privacy advocate Alastair Mactaggart, which the California legislature pre-empted by passing AB 375 in a single week — Governor Jerry Brown signed it on June 28, 2018. Voters then entrenched and extended the regime through Proposition 24 (the CPRA) in November 2020, making California's framework the template most US state privacy laws now follow.

Etymology: source.

Usage trends

Search interest for this term over the last five years:

View interest-over-time on Google Trends →

Common questions

What is the CCPA?
The California Consumer Privacy Act — signed June 28, 2018 and effective January 1, 2020 — giving Californians the right to know, delete, and opt out of the sale of their personal information.
What did the CPRA change?
Proposition 24 (passed November 2020, effective January 1, 2023) added the right to correct, expanded 'sale' to cover 'sharing' for behavioral advertising, defined sensitive data, and created the California Privacy Protection Agency.
How does the CCPA affect marketers?
Pixel and audience-sharing flows can count as 'sharing' requiring a working opt-out, Global Privacy Control signals must be honored, and consented first-party data becomes the safest foundation for targeting.

Related tools & calculators

Resources & people to follow

Curated, non-competitor resources verified per term.

Related training

Disciplines

Areas of marketing where ccpa is a core concern:

Sources

  1. trendsGoogle Trends — "ccpa"