The California Consumer Privacy Act: What Retailers Should Know and How Nosto Has Prepared for It

The California Consumer Privacy Act: What Retailers Should Know and How Nosto Has Prepared for It

Disclaimer: The content in this post is not – and should not be interpreted as – legal advice. For detailed information regarding the technicalities of CCPA, please seek legal counsel.



If you’re a business serving clients within the State of California, you’ve likely heard of the California Consumer Privacy Act going into effect on 1 January 2020 (“CCPA”). The CCPA will essentially change the way businesses can collect and process any personal data from California residents and it follows the trend started by the EU General Data Protection Regulation (GDPR) which was introduced in 2018.

To help your business remain CCPA compliant, we’ve put together a rundown of what you should know (and what you’ve likely asked yourself) regarding CCPA – as well as the tools we at Nosto have put in place to help ensure our clients abide by CCPA regulations.



What is the CCPA?

The California Consumer Privacy Act (CCPA, for short) is a Californian data protection regulation that grants consumers new rights with respect to the collection of their personal information. In the context of the CCPA, the term “consumer” refers to a California resident. The CCPA essentially reshapes the way organizations across the U.S. approach data protection – strengthening data protection for all individuals who interact with these businesses.



Even though CCPA is a Californian regulation, could it also apply to U.S. companies outside of California?

The short answer: yes, it could apply to U.S. companies outside of California. While the CCPA is a regulation binding and applicable across the State of California, it has implications and requirements for all non-Californian businesses processing California residents’ data.

The CCPA obligations apply to an organization (“business”) that:

1. is for-profit

2. collects consumers’ personal information, or on the behalf of which such information is collected

3. determines the purposes and means of the processing of consumers’ personal information

4. does business in California

5. meets any of the following thresholds –

  • has annual gross revenue in excess of $25 million
  • alone or in combination, annually buys, receives for the business’s commercial purposes, sells or shares for commercial purposes the personal information of 50,000 or more consumers, households, or devices, or
  • derives 50% or more of its annual revenues from selling consumers’ personal information.

If an online retailer located outside of California processes the data of a California resident, that data must be processed and stored according to the CCPA, and not only following the legislation of the retailer’s business location. This is why we have applied changes throughout our customer base, regardless of business location; this way all Nosto-powered retailers regardless of their location can be CCPA compliant.



How has Nosto prepared for CCPA?

We take data privacy very seriously. The introduction of the GDPR was an important milestone for us, and in preparation for GDPR, we fine-tuned our processes in order to cater for the needs of the regulation. The CCPA is in many ways quite similar to the GDPR and has therefore not required extensive changes to our infrastructure or processes.



Which data types are gathered?

The Nosto service allows merchants to control the personal data that is gathered from the consumers and has built-in tools to assist the Nosto-powered retailers in fulfilling the requirements of the CCPA.

The Nosto Service has the capability to collect the following data types: first name, last name, email address, user agent (browser), IP address, events, viewed products, order events, cart content, liked products, image files, disliked products, external campaign attributions, clicked recommendations, order information, phone number, zip code, country code and sent emails.

Disabling data types will have a negative impact on the functionality of the Nosto service. For example, disabling emails will prevent Nosto from sending triggered emails.



How do I manage the data that is in the Nosto Service?

Nosto-powered retailers can extract and/or deleted data through the back-end of the Nosto Service. This will assist the retailer in complying with consumers’ disclosure or data deletion requests.



What else do I have to know about CCPA?

Please bear in mind that businesses must inform end-users about the types of information that will be collected from them and how it will be used. They may also be required to post links and information on their websites. Please seek legal counsel in order to ensure that your business fully comply with the relevant obligations.

Explore more articles

Introducing the Nosto Customer Community: Elevating our Clients’ Experience with us
Ecommerce Introducing the Nosto Customer Community: Elevating our Clients’ Experience with us

At Nosto, we’ve always been committed to providing our clients with a powerful platform that enables them to create relevant and authentic commerce experiences. Additionally, we believe in fostering a sense of community among our users, that enables them to learn, grow, and thrive together.  As such, we e are thrilled to introduce the Nosto […]

Read more
What’s new in Nosto: Enhanced Klaviyo integration for hyper-personalized shopping experiences across channels
Ecommerce What’s new in Nosto: Enhanced Klaviyo integration for hyper-personalized shopping experiences across channels

In an ideal world, ecommerce and marketing teams would collaborate seamlessly to create personalized and consistent customer experiences across marketing campaigns and websites. However, disjointed data, tools, and workflows make this challenging. That’s why we launched a new integration with Klaviyo to leverage the preferred technologies of both teams and create the synergies needed to […]

Read more
Nosto launches new Klaviyo integration to help online retailers scale hyper-personalized, cross-channel shopping experiences
Ecommerce Nosto launches new Klaviyo integration to help online retailers scale hyper-personalized, cross-channel shopping experiences

Nosto’s Commerce Experience Platform (CXP) today announced a new integration with Klaviyo, the platform that powers smarter digital relationships. This new integration will unify marketing and ecommerce data, tools, and workflows to help brands seamlessly deliver hyper-personalized, cross-channel commerce experiences at scale. — New York, March 19, 2024—Nosto, the leading Commerce Experience Platform (CXP), today […]

Read more
Nosto reports +57% increase in the number of enterprise Shopify merchants using its platform for search, merchandising, and personalization over the last 12 months
Ecommerce Nosto reports +57% increase in the number of enterprise Shopify merchants using its platform for search, merchandising, and personalization over the last 12 months

New York, March 15, 2024—Nosto, the leading Commerce Experience Platform (CXP), has reported that the number of enterprise Shopify merchants with over 100M USD in gross merchandising value (GMV) using their CXP for search, merchandising, and personalization has grown by 57% in the last 12 months, and 267% in the last five years.  Shopify Enterprise […]

Read more