CCPA (California Consumer Privacy Act) is a US state privacy law that grants California residents specific rights over their personal data and requires businesses that meet certain thresholds to comply with those rights. Enacted in 2018 and significantly expanded by the CPRA (California Privacy Rights Act) in 2023, CCPA is the most significant US consumer privacy regulation and is often treated as a de facto national standard by US e-commerce brands.
CCPA applies to for-profit businesses that collect personal information from California residents and meet at least one of the following thresholds: annual gross revenue over $25 million; buying, selling, or sharing the personal data of 100,000+ consumers or households per year; or deriving 50%+ of annual revenue from selling personal data. Most scaling Shopify brands with significant US traffic will meet at least one threshold.
Right to know - consumers can request disclosure of what personal data a business has collected about them and how it is used.
Right to delete - consumers can request deletion of their personal data (with certain exceptions).
Right to opt out - consumers can direct businesses not to sell or share their personal information. This is the most operationally significant right for ad-supported businesses: you must provide a clear "Do Not Sell or Share My Personal Information" link on your site.
Right to non-discrimination - businesses cannot deny service or charge different prices to consumers who exercise their privacy rights.
The most relevant CCPA implications for Shopify e-commerce brands are: ensuring your privacy policy accurately describes what data you collect and how it is used; implementing a compliant opt-out mechanism for data sharing (relevant if you share customer data with ad platforms for targeting - pixel data, cookie data, and customer list uploads to Meta or Google may constitute data sharing under CCPA); and responding to consumer data access and deletion requests within the required timeframe (45 days). Shopify's privacy law compliance apps and Klaviyo's consent management features support CCPA compliance within the standard Shopify stack.