CCPA(California Consumer Privacy Act)
- CCPA(캘리포니아 소비자 개인 정보 보호법)는 미국 최초의 포괄적인 개인정보 보호법
CCPA 법적 요구사항 요약
CCPA 조항 | CCPA 원문 | 법적 요구사항 요약 |
#1798.10 | (b) A business that collects a consumer’s personal information shall, at or before the point of collection, inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used. A business shall not collect additional categories of personal information or use personal information collected for additional purposes without providing the consumer with notice consistent with this section. | 개인정보 수집 시점에 수집하는 개인정보 카테고리, 수집목적을 소비자에게 고지해야 함 |
#1798.105 | (b) A business that collects personal information about consumers shall disclose, pursuant to Section 1798.130, the consumer’s rights to request the deletion of the consumer’s personal information. | 소비자가 개인정보 삭제를 요구할 수 있는 권리가 있음를 알려야 함 |
#1798.110 | (a) A consumer shall have the right to request that a business that collects personal information about the consumer disclose to the consumer the following: (1) The categories of personal information it has collected about that consumer. (2) The categories of sources from which the personal information is collected. (3) The business or commercial purpose for collecting or selling personal information. (4) The categories of third parties with whom the business shares personal information. (5) The specific pieces of personal information it has collected about that consumer. |
(1)~(5)까지 수집된 개인정보 관련 내용을 소비자에게 공개해야 함 (1) 수집된 개인정보 카테고리 (2) 수집 출처 카테고리 (3) 수집/판매 목적 (4) 개인정보를 공유한 제3자 카테고리 (5) 수집한 개인정보의 특정 부분 |
#1798.115 | (a) A consumer shall have the right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, disclose to that consumer: (1) The categories of personal information that the business collected about the consumer. (2) The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each category of third parties to whom the personal information was sold. (3) The categories of personal information that the business disclosed about the consumer for a business purpose. |
(1)~(3)까지 판매된 개인정보 관련 내용을 소비자에게 공개해야 함 (1) 수집된 개인정보 카테고리 (2) 판매된 개인정보의 카테고리, 개인정보가 판매된 제3자의 카테고리 (3) 사업자가 업무상 목적으로 소비자에 대해 공개했던 개인정보 카테고리 |
#1798.120 | b) A business that sells consumers’ personal information to third parties shall provide notice to consumers, pursuant to subdivision (a) of Section 1798.135, that this information may be sold and that consumers have the “right to opt-out” of the sale of their personal information. | 소비자가 제3자에게 개인정보 판매 거부권을 행사할 수 있는 권리가 있음을 알려야 함(옵트아웃) CCPA 개인정보처리방침에 옵트아웃 권리 기재하 do not sell my information 링크 추가 |
#1798.125 | (a) (1) A business shall not discriminate against a consumer because the consumer exercised any of the consumer’s rights under this title, including, but not limited to, by: | 소비자가 CCPA에 규정된 권리(열람권,삭제권, 판매금지요구권) 등을 행사했다는 이유로 불이익을 주면 안됨 |
#1798.130 | (a) In order to comply with Sections 1798.100, 1798.105, 1798.110, 1798.115, and 1798.125, a business shall, in a form that is reasonably accessible to consumers: (1) (A) Make available to consumers two or more designated methods for submitting requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115, including, at a minimum, a toll-free telephone number. A business that operates exclusively online and has a direct relationship with a consumer from whom it collects personal information shall only be required to provide an email address for submitting requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115. |
소비자의 권리 행사를 위해 2개 이상의 연락처를 제공해야 함. 단, 온라인 상으로만 소비자의 개인정보를 처리하는 경우, 이메일 주소만 제공하면 됨 |
#1798.130 | (B) If the business maintains an internet website, make the internet website available to consumers to submit requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115. | 웹사이트에 소비자의 권리 공개 |
#1798.130 | (2) Disclose and deliver the required information to a consumer free of charge within 45 days of receiving a verifiable consumer request from the consumer. The business shall promptly take steps to determine whether the request is a verifiable consumer request, but this shall not extend the business’ duty to disclose and deliver the information within 45 days of receipt of the consumer’s request. | 소비자로부터 확인 가능한 요청을 받은 후 45일 이내에 필요한 정보를 무료로 제공해야 함(합리적인 사유가 있다면, 소비자에게 연장 요청하고 1회에 한해 45일 기간 연장 가능) |
#1798.130 | (B) Identify by category or categories the personal information collected about the consumer in the preceding 12 months by reference to the enumerated category or categories in subdivision (c) that most closely describes the personal information collected. | 소비자의 정보공개 요구 시, 최근 12개월 이내의 정보만 제공하면 됨 |
#1798.130 | (5) Disclose the following information in its online privacy policy or policies if the business has an online privacy policy or policies and in any California-specific description of consumers’ privacy rights, or if the business does not maintain those policies, on its internet website and update that information at least once every 12 months: | 온라인 Privacy Policy가 있는 경우 해당 정책의 캘리포니아 소비자 프라이버시 권리 내역에, Privacy Policy가 없는 경우 별도의 CCPA용 정책에 관련 내용(#1798.130)을 공개하고 최소 연1회 업데이트 해야 함 |
#1798.130 | (A) A description of a consumer’s rights pursuant to Sections 1798.100, 1798.105, 1798.110, 1798.115, and 1798.125 and one or more designated methods for submitting requests. (B) For purposes of subdivision (c) of Section 1798.110, a list of the categories of personal information it has collected about consumers in the preceding 12 months by reference to the enumerated category or categories in subdivision (c) that most closely describe the personal information collected. (C) For purposes of paragraphs (1) and (2) of subdivision (c) of Section 1798.115, two separate lists: (i) A list of the categories of personal information it has sold about consumers in the preceding 12 months by reference to the enumerated category or categories in subdivision (c) that most closely describe the personal information sold, or if the business has not sold consumers’ personal information in the preceding 12 months, the business shall disclose that fact. (ii) A list of the categories of personal information it has disclosed about consumers for a business purpose in the preceding 12 months by reference to the enumerated category in subdivision (c) that most closely describe the personal information disclosed, or if the business has not disclosed consumers’ personal information for a business purpose in the preceding 12 months, the business shall disclose that fact. |
(A) 소비자 권리요청을 위한 이메일 주소 (B) 최근 12개월간 수집한 개인정보의 카테고리 (C) (i) 최근 12개월간 판매한 개인정보의 카테고리 (ii) 최근 12개월간 사업목적으로 공개한 소비자의 개인정보 카테고리 |
#1798.135 | (1) Provide a clear and conspicuous link on the business’s Internet homepage, titled “Do Not Sell My Personal Information,” to an Internet Web page that enables a consumer, or a person authorized by the consumer, to opt-out of the sale of the consumer’s personal information. A business shall not require a consumer to create an account in order to direct the business not to sell the consumer’s personal information. | 웹사이트에 “Do Not Sell My Personal Information,”링크 게시 |
#1798.135 | (2) Include a description of a consumer’s rights pursuant to Section 1798.120, along with a separate link to the “Do Not Sell My Personal Information” Internet Web page in: (A) Its online privacy policy or policies if the business has an online privacy policy or policies. (B) Any California-specific description of consumers’ privacy rights. |
소비자에게 개인정보를 판매하지 않을 권리가 있음을 CCPA 개정처에 게시해야 함 |
#1798.135 | (b) Nothing in this title shall be construed to require a business to comply with the title by including the required links and text on the homepage that the business makes available to the public generally, if the business maintains a separate and additional homepage that is dedicated to California consumers and that includes the required links and text, and the business takes reasonable steps to ensure that California consumers are directed to the homepage for California consumers and not the homepage made available to the public generally. | 캘리포니아 이용자가 일반인용 홈페이지가 아닌, 캘리포니아 소비자용 홈페이지로 가도록 합리적 조치를 취해야 한다 |
1798.140. | (1) A sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners that collects consumers’ personal information or on the behalf of which that information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California, and that satisfies one or more of the following thresholds: (A) Has annual gross revenues in excess of twenty-five million dollars ($25,000,000), as adjusted pursuant to paragraph (5) of subdivision (a) of Section 1798.185. (B) Alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices. (C) Derives 50 percent or more of its annual revenues from selling consumers’ personal information. |
CCPA는 캘리포니아에서 다음 중 하나 이상을 충족하는 회사에만 적용 (1) 총 매출이 2천 5백만 달러 이상이고, (2) 소비자 개인 정보를 판매하여 연간 매출의 50% 이상을 도출하고, 또는 (3) 5만 명 이상의 소비자 개인 정보를 구매, 판매 또는 공유하는 경우 |
'Compliance' 카테고리의 다른 글
[Day 257] 가명정보 처리대상 (0) | 2021.04.23 |
---|---|
[Day 232] 옵트인(Opt-in), 옵트아웃(Opt-out) (0) | 2021.03.29 |
[Day 195] 바이오정보 (0) | 2021.02.21 |
[Day 194] 위치정보 (0) | 2021.02.20 |
[Day 193] 위탁, 제3자제공 차이 (0) | 2021.02.19 |