CCPA Compliance

Personal Information

The CPA extends the definition of personal data to include anonymous website activity logs, even if they don't involve IP addresses. Neither the GDPR nor CalOPPA defines personal information so broadly. There is no special consideration under the CCPA for "special" or "sensitive" categories of data, however, as is the case with the GDPR.


The GDPR defines a child as an individual under the age of 16 while COPPA's rule is below the age of 13. The CPA is more specific. For the CCPA, an individual under the age of 16 must provide opt-in consent for their personal information to be sold. Children under the age of 13 must provide valid parental consent in order for their information to be sold.