State laws throughout the United States have recently been passed to provide greater privacy protections to website users. These laws also impose certain obligations on your business if you use Google Analytics.
Which states passed laws and what do the laws say?
The states and their respective laws are:
- California Consumer Privacy Act (CCPA)
- Colorado Privacy Act (CPA)
- Virginia Consumer Data Protection Act (VCDPA)
In brief, these laws require websites that process or sell data using Google Analytics, and/or run targeted ads using Google Ads to offer users the ability to opt out of the processing or sale of their data. The state of Colorado goes one step further requiring websites to provide a privacy notice to all users which states that Google Analytics is being used to collect browsing data.
OK, but my company is not based in California, Colorado, or Virginia. So am I good?
These laws aim to protect the personal data of residents from these states. This means that regardless of where your company is based, you have a legal obligation to users of your website. It is difficult, if not impossible, to prevent users from these states from accessing your website, so in practice, these laws are applicable to all companies, regardless of state.
Are there any exceptions?
If you don’t currently use Google Analytics and/or Google Ads, and don’t anticipate ever using Google Analytics and/or Google Ads, then you are exempt.
What do I need to do to stay compliant?
Xtern can build and maintain a privacy pop-up that you serve to users when they arrive at your website (you will need to provide verbiage to us). If you do not use Google Ads, this pop-up will suffice. If you use Google Ads, you will also need to provide users with a “Do Not Share My Personal Information” link, ideally in the website footer. Xtern can build and maintain this footer, as well.
For websites with additional complexity or additional concerns, there are a variety of compliance management or privacy management software companies that can address specific nuances. You may also wish to consult a lawyer. Xtern Software can build any notification that your company has been advised to implement.
What are the next steps?
Xtern can build a privacy pop-up and/or website footer, and they can be implemented as soon as we receive your verbiage.