8 CCPA Website Requirements for Compliance
If your business is subject to the California Consumer Protection Act CCPA, here’s eight things your website needs in order to be compliant.
Does my Cookie Banner need a Reject All button?
Compliance sucks.
We make it simple.
Create a tailored Privacy Policy, Terms & more in under 5 minutes.
Unsure if your cookie banner needs a “Reject All” button? Here’s our recommendation for GDPR and CCPA compliance, based on the express provisions of the governing regulation and recommendations from official bodies with legal personality, or official government agencies.
Looking for a GDPR / CCPA compliant cookie banner? Try ours!
Cookie Consent BannerTo be safe, add a reject all button to your cookie banner
Including a ‘Reject All’ button on the first level of your consent banner is the easiest way to ensure you’re compliant with privacy laws. Why second guess yourself? Besides, why are you making it so hard for your users to make pro privacy choices? If you’re worried about losing your Google Analytics data, just use Google Consent Mode. This way you can keep some important marketing data, and your users can keep their privacy rights!
Does your cookie banner need a reject all button under the GDPR?
If the GDPR applies to you, we recommend you provide a ‘Reject All’ button whenever you provide an ‘Accept All’ button.
The official GDPR text states:
“Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent“
This might sound a little ambiguous so here’s an interpretation from the European Data Protection Board’s (EDPB) cookie banner task force from their report of the work undertaken by the Cookie Banner Taskforce
“When authorities were asked whether they would consider that a banner which does not provide for accept and refuse/reject/not consent options on any layer with a consent button is an infringement of the ePrivacy Directive, a vast majority of authorities considered that the absence of refuse/reject/not consent options on any layer with a consent button of the cookie consent banner is not in line with the requirements for a valid consent and thus constitutes an infringement.”
Does your cookie banner need a reject all button under the CCPA?
If the CCPA applies to you, we recommend that you provide a ‘Reject All’ button whenever you provide an ‘Accept All’ button.
According to the California Privacy Protection Agency Enforcement Division’s Enforcement Advisory no. 2024-02, you should follow the principle of ‘symmetry in choice’.
“Symmetry in choice. The path for a consumer to exercise a more privacy-protective option shall not be longer or more difficult or time-consuming than the path to exercise a less privacy-protective option because that would impair or interfere with the consumer’s ability to make a choice.”
If you’re unsure how to interpret this, the CPPA provides specific guidance that businesses should ask themselves:
- Is the language used to communicate with consumers easy to read and understandable?
- Is the language used straightforward and does it avoid technical or legal jargon?
- Is the consumer’s path to saying “no” longer than the path to saying “yes”?
- Does the user interface make it more difficult to say “no” rather than “yes” to the requested use of personal information?
- Is it more time-consuming for the consumer to make the more privacy-protective choice?
If you answered yes to any of these, your cookie banner probably isn’t meeting the CCPA’s requirements!
So, do you need a Reject All button on your cookie consent banner?
If you have an ‘Accept All’ button on the first level of your consent banner, our recommendation is that you should absolutely provide a ‘Reject All’ button on the same level.
Sources
Related Articles
The Plain English Guide to CCPA Compliance
A compliance guide for The California Consumer Privacy Act (CCPA)
What is Personal Information in Data Privacy?
Learn what personal information is, why it's protected, and the different ways countries around the world define it.
