[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_when-does-the-ccpa-apply_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"question":43,"content":44,"inlineMedia":45,"id":47,"title":43,"excerpt":48,"locale":8,"slug":49,"authorSlug":10,"automaticTranslated":11,"publishedAt":50,"updatedAt":51,"doFollowLinks":11,"showIndex":25,"showCallToActions":25,"articleType":14,"languages":52},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">The CCPA sits somewhere in between consumer law and privacy law. This creates some confusion as to which personal information the law applies to. Does it apply to all businesses? Does it apply to employee data and business-to-business transactions? And what about nonprofits?\u003C/ContentEditable>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#does-the-ccpa-apply-to-all-businesses\">Does the CCPA apply to all businesses?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#does-the-ccpa-only-apply-to-california-businesses\">Does the CCPA only apply to California businesses?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#does-the-ccpa-apply-to-non-residents\">Does the CCPA apply to non-residents?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#does-the-ccpa-apply-to-employees-and-business-to-business-transactions\">Does the CCPA apply to employees and business-to-business transactions?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#does-the-ccpa-apply-to-nonprofits\">Does the CCPA apply to nonprofits?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#conclusions\">Conclusions\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaTwo />\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">Let’s find out!\u003C/ContentEditable>\n\u003CContentEditable  id=\"does-the-ccpa-apply-to-all-businesses\" parent=\"\" tag=\"h2\" :articleId=\"718\">Does the CCPA apply to all businesses?\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">No. The CCPA only applies to \u003Cstrong>large or data-intensive businesses.\u003C/strong>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">More exactly, the CCPA applies to companies if they do business in California and:\u003C/ContentEditable>\n\u003Col>\n\u003Cli>have a gross annual revenue of over $25M\u003C/li>\n\u003Cli>buy, sell, or share the personal information of 100,000 or more California residents, households, or devices\u003C/li>\n\u003Cli>make half their revenue or more from selling the personal information of California residents.\u003C/li>\n\u003C/ol>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">This rule is somewhat complex, so let’s break it down.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">The requirement to do business in California is \u003Cstrong>mandatory\u003C/strong>. If you don’t do business in California, then the CCPA does not apply to you.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">On the other hand, criteria 1, 2, and 3 are alternative. For instance: if a company does business in California, and half its revenue comes from selling personal information of California residents, then the CCPA applies regardless of the company’s size and annual revenue.\u003C/ContentEditable>\n\u003CContentEditable  id=\"does-the-ccpa-only-apply-to-california-businesses\" parent=\"\" tag=\"h2\" :articleId=\"718\">Does the CCPA only apply to California businesses?\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">No. The CCPA applies to companies that \u003Cstrong>do business in California\u003C/strong>, as long as any one of the other criteria is met. So, a multinational corporation with a turnover in the billions must comply with the CCPA if it does business in California, whether it is established in California, Delaware, or France.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">This is what lawyers refer to as the \u003Cstrong>extra-territorial reach\u003C/strong> of privacy law. Extra-territorial reach is very common in privacy law, and for good reason. The Internet has no physical boundaries, so personal data often flow between jurisdictions. If the reach of privacy laws were limited, most of its protections would become ineffective.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">Just think of how many US Big Tech you provide with your personal data on a daily basis. If Google and Apple could ignore the GDPR entirely, then what would be the point of imposing all sorts of rules and requirements on European organizations?\u003C/ContentEditable>\n\u003CContentEditable  id=\"does-the-ccpa-apply-to-non-residents\" parent=\"\" tag=\"h2\" :articleId=\"718\">Does the CCPA apply to non-residents?\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">No, the CCPA does not apply to the personal information of non-residents. \u003Cstrong>Only California residents have rights under the CCPA\u003C/strong>. This is a bummer because Silicon Valley giants process enormous amounts of personal information from non-residents all over the world.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">This is in sharp contrast with the GDPR because people have rights under the GDPR regardless of where they are and live. If an Italian company processes personal data from California residents, those residents have the exact same rights under the GDPR as Italian or Dutch citizens.\u003C/ContentEditable>\n\u003CContentEditable  id=\"does-the-ccpa-apply-to-employees-and-business-to-business-transactions\" parent=\"\" tag=\"h2\" :articleId=\"718\">Does the CCPA apply to employees and business-to-business transactions?\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">Yes, the CCPA applies to both employee information, and personal information reflecting business-to-business (B2B) transactions.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">These categories of personal information did not originally fall under the CCPA because the law included temporary exemptions. These exemptions expired in 2022 and were not renewed. As a result, these personal information fall under the CCPA since 2023.\u003C/ContentEditable>\n\u003CContentEditable  id=\"does-the-ccpa-apply-to-nonprofits\" parent=\"\" tag=\"h2\" :articleId=\"718\">Does the CCPA apply to nonprofits?\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">As a general rule, \u003Cstrong>the CCPA does not apply to nonprofits\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">However, there can be \u003Cstrong>exceptions\u003C/strong> for nonprofits which are \u003Cstrong>strictly connected to a business\u003C/strong>. There are precise requirements for this under the CCPA:\u003C/ContentEditable>\n\u003Cul>\n\u003Cli>a business owns 50% or more of the voting securities for an entity, or controls at least 50 % of the voting power;\u003C/li>\n\u003Cli>the entity and the business share common branding;\u003C/li>\n\u003Cli>the business shares consumer’s personal information with the other entity.\u003C/li>\n\u003C/ul>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">These criteria are actually part of the definition of a business under the CCPA. So, when an entity fits these criteria, is considered to be a business under the CCPA and is subject to the same obligations as a business under the law whether it operates for profit or not.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">These criteria are fairly strict overall. In practice, most nonprofits can rest assured that the CCPA does not apply to them- although this is no excuse to be lazy and disregard privacy!\u003C/ContentEditable>\n\u003CContentEditable  id=\"conclusions\" parent=\"\" tag=\"h2\" :articleId=\"718\">Conclusions\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"718\">Hopefully this helped you understand the CCPA a little better. We like explaining privacy law because we care about privacy. This is why we built Simple Analytics to provide organizations with all the insights they need, without collecting personal data or tracking visitors! If this sounds good to you, feel free to give us a try!\u003C/ContentEditable>\n","When does the CCPA apply?","The CCPA sits somewhere in between consumer law and privacy law. This creates some confusion as to which personal information the law applies to. Does it apply to all businesses? Does it apply to employee data and business-to-business transactions? And what about nonprofits?\n\nLet’s find out!\n\n## Does the CCPA apply to all businesses?\nNo. The CCPA only applies to **large or data-intensive businesses.**\n\nMore exactly, the CCPA applies to companies if they do business in California and:\n1. have a gross annual revenue of over $25M\n2. buy, sell, or share the personal information of 100,000 or more California residents, households, or devices\n3. make half their revenue or more from selling the personal information of California residents.\n\nThis rule is somewhat complex, so let’s break it down.\n\nThe requirement to do business in California is **mandatory**. If you don’t do business in California, then the CCPA does not apply to you.\n\nOn the other hand, criteria 1, 2, and 3 are alternative. For instance: if a company does business in California, and half its revenue comes from selling personal information of California residents, then the CCPA applies regardless of the company’s size and annual revenue.\n\n## Does the CCPA only apply to California businesses?\n\nNo. The CCPA applies to companies that **do business in California**, as long as any one of the other criteria is met. So, a multinational corporation with a turnover in the billions must comply with the CCPA if it does business in California, whether it is established in California, Delaware, or France.\n\nThis is what lawyers refer to as the **extra-territorial reach** of privacy law. Extra-territorial reach is very common in privacy law, and for good reason. The Internet has no physical boundaries, so personal data often flow between jurisdictions. If the reach of privacy laws were limited, most of its protections would become ineffective.\n\nJust think of how many US Big Tech you provide with your personal data on a daily basis. If Google and Apple could ignore the GDPR entirely, then what would be the point of imposing all sorts of rules and requirements on European organizations?\n\n## Does the CCPA apply to non-residents?\n\nNo, the CCPA does not apply to the personal information of non-residents. **Only California residents have rights under the CCPA**. This is a bummer because Silicon Valley giants process enormous amounts of personal information from non-residents all over the world.\n\nThis is in sharp contrast with the GDPR because people have rights under the GDPR regardless of where they are and live. If an Italian company processes personal data from California residents, those residents have the exact same rights under the GDPR as Italian or Dutch citizens.\n\n## Does the CCPA apply to employees and business-to-business transactions?\n\nYes, the CCPA applies to both employee information, and personal information reflecting business-to-business (B2B) transactions.\n\nThese categories of personal information did not originally fall under the CCPA because the law included temporary exemptions. These exemptions expired in 2022 and were not renewed. As a result, these personal information fall under the CCPA since 2023.\n\n## Does the CCPA apply to nonprofits?\n\nAs a general rule, **the CCPA does not apply to nonprofits**.\n\nHowever, there can be **exceptions** for nonprofits which are **strictly connected to a business**. There are precise requirements for this under the CCPA:\n- a business owns 50% or more of the voting securities for an entity, or controls at least 50 % of the voting power;\n- the entity and the business share common branding;\n- the business shares consumer’s personal information with the other entity.\n\nThese criteria are actually part of the definition of a business under the CCPA. So, when an entity fits these criteria, is considered to be a business under the CCPA and is subject to the same obligations as a business under the law whether it operates for profit or not.\n\nThese criteria are fairly strict overall. In practice, most nonprofits can rest assured that the CCPA does not apply to them- although this is no excuse to be lazy and disregard privacy!\n\n## Conclusions\n\nHopefully this helped you understand the CCPA a little better. We like explaining privacy law because we care about privacy. This is why we built Simple Analytics to provide organizations with all the insights they need, without collecting personal data or tracking visitors! If this sounds good to you, feel free to give us a try!\n\n",{"data":46},null,718,"The CCPA only applies to some companies and organizations: here's which!","when-does-the-ccpa-apply","2023-08-11T08:47:45.647Z","2023-08-15T11:52:29.780Z",{"en":53,"de":54,"fr":56,"it":58,"es":60,"nl":62},{"slug":49},{"slug":55},"wann-ist-das-ccpa-anwendbar",{"slug":57},"quand-le-ccpa-s-applique-t-il",{"slug":59},"quando-si-applica-il-ccpa",{"slug":61},"cuando-se-aplica-la-ccpa",{"slug":63},"wanneer-is-de-ccpa-van-toepassing"]