Stay compliant.
The California Consumer Privacy Act
came into effect in 2020.

Introducing the CCPA

The California Consumer Privacy Act has came into effect on January 1, 2020. The CCPA creates new rights for California residents, such as the rights related to the access, deletion and sharing of personal information, when collected by businesses.
Case Studies

What changes under the CCPA?

What is the 2nd Payment Service Directive (PSD2)?
The goal of the California Consumer Privacy Act is to expand California residents' current privacy rights by requiring businesses to be more transparent in data processing activities. The CCPA will grant consumers new rights: the right to know (how personal data is collected, processed, and stored and what data is handled), the right to deletion (from a business or from business providers' records), the right to opt out of sale of personal data and the right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.
In sequence, new business obligations arise under this expansion of privacy rights: the obligation to provide notice (about data collection, before/at the time of collection), the obligation to create response procedures (to customer data requests), he obligation to respond to consumer requests (for know, delete or opt-out), the obligation to verify consumer identity (for know or delete data requests), the obligation to disclose financial incentives (related to data handling) and the obligation to maintain records of customer requests and business responses (for 24 months).

Who does the CCPA apply to?

The CCPA applies to for-profit organizations that do business in the State of California, and either collect personal information about California consumer residents or determine the purpose of data collection or processing, and which meet at least one of the following conditions:
What is the 2nd Payment Service Directive (PSD2)?
Annual gross revenue:
$25 million+.
What is the 2nd Payment Service Directive (PSD2)?
The business processes, directly or
indirectly, the information of 50,000+
consumers, households or devices
What is the 2nd Payment Service Directive (PSD2)?
The business generates 50% or more
of yearly revenues
from selling
consumer information.

What is considered personal
information under the CCPA?

  • Identifiers, including but not limited to real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver's license numb
  • Biometric information, meaning an individual's physiological, biological or behavioral characteristics, including an individual's deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity. Biometric information includes, but is not limited to imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns; voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted; and keystroke patterns or rhythms; gait patterns or rhythms; and sleep, health, or exercise data that contain identifying information.
  • Characteristics of protected classifications under California or federal law such as race, gender, disability, etc.
  • What is considered personal information under the CCPA?
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other electronic network activity information, including, but not limited to browsing history, search history, and information regarding a consumer's interaction with an Internet website, application, or advertisement.
  • Geolocation data.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
  • Professional or employment-related information.
  • Education information.

CCPA compliance with 2Checkout

CCPA compliance with 2Checkout
The CCPA has come into effect January 1, 2020. Information regarding the rulemaking process is posted on this page.
2Checkout is already GDPR-compliant in EU and a Privacy Shield certified member for EU-US and Swiss-US. CCPA is just another mile stone for us in our continuance work towards data protection. We are following closely the developments and possible updates of the CCPA regulation, so we can be a data protection compliant partner to you.
With 2Checkout, Your Online Business is Covered


We have compiled a list of questions that we have noted that our clients and partners are frequently asking regarding CCPA.

Is 2Checkout compliant with CCPA?

2Checkout takes privacy, security and complying with data protection and privacy laws seriously. Our Privacy Policy gives full visibility of how we collect, use, share and protect personal information when using our products, services and our website.

Does the CCPA apply to B2B sales?

Yes, it may apply also for B2B sales when we collect personal information of the company representatives.

Does the CCPA apply to website cookies?

Yes, to some extent it applies also to cookies.

2Checkout and "Do Not Sell My Personal Information"?

2Checkout only uses consumer data for the purpose of the transaction and it does not sell any data or use it for other purposes.
Simplify the eCommerce process. Try 2Checkout.
The most flexible digital commerce platform that can give your business a real boost.