CCPA Website Accessibility Compliance (WCAG 2.1 AA)

The California Consumer Privacy Act (CCPA) was passed on June 28, 2018 to provide California consumers rights to their personal information. Here’s what you need to know about CCPA compliance as it relates to web accessibility.

The Law

The CCPA not only provides rights to personal information but requires that those rights be accessible to individuals of all abilities.  Per Section 1798.130.(a):

In order to comply with Sections 1798.100, 1798.105, 1798.110, 1798.115, and 1798.125, a business shall, in a form that is reasonably accessible to consumers:

(1) (A) Make available to consumers two or more designated methods for submitting requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115, including, at a minimum, a toll-free telephone number. A business that operates exclusively online and has a direct relationship with a consumer from whom it collects personal information shall only be required to provide an email address for submitting requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115.

(B) If the business maintains an internet website, make the internet website available to consumers to submit requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115.

In the Final Text of Proposed Regulations published on August 14, 2020 under Article 2. Notices to Consumers, § 999.305.(2)(d) Notice at Collection of Personal Information:

The notice at collection shall be designed and presented in a way that is easy to read and understandable to consumers. The notice shall:

Be reasonably accessible to consumers with disabilities. For notices provided online, the business shall follow generally recognized industry standards, such as the Web Content Accessibility Guidelines, version 2.1 of June 5, 2018, from the World Wide Web Consortium, incorporated herein by reference. In other contexts, the business shall provide information on how a consumer with a disability may access the notice in an alternative format.

The key takeaway is that in order for notices provided online to be CCPA compliant, businesses must follow WCAG 2.1 standards (presumably conformance level AA since no conformance level is mentioned).

Practical Implications

The practical effect of the CCPA’s incorporation of WCAG 2.1 AA comes down to not only making sure that your CCPA related pages (e.g., notice at collection, notice of right to op out of sale, notice of financial incentive, and privacy policy) are WCAG 2.1 AA conformant, but that they are accessible by means of navigation:

• Your privacy policy pages should be easy to locate (e.g., link in the footer, link in the sitemap, and/or findable through search).
• Your website must be fully keyboard navigable, which means that your policy can be accessed using only a keyboard (i.e., mouse navigation isn’t required to get to your privacy policy pages).

While you’re addressing WCAG 2.1 AA conformance for CCPA compliance, it makes sense to ensure your entire website is accessible for compliance with anti-discrimination laws, including the Americans with Disabilities Act and California’s Unruh Act.

Timeline

The California legislature has passed multiple amendments to the CCPA.  One amendment stated that the CCPA would be enforced no earlier than January 1, 2020, but the CCPA also requires the California Attorney General to adopt regulations / guidelines to help fill in the details, provide guidance, and carry out the Act.

The publication of guidelines means that enforcement of the CCPA would not occur until six months after the adoption of implementation regulations, or July 1, 2020, whichever was sooner.

Level Access can help with CCPA compliance. Contact us to learn more about how Level Access can help you.