Does the CCPA Apply to Crypto Companies?

The California Privacy Rights Act (CPRA) amended the California Consumer Privacy Act (CCPA) and took effect on January 1, 2023. You may be wondering whether the CCPA applies to crypto companies. The short answer is “yes”, but let’s first discuss the CCPA more broadly.

Intended to provide further protection to Californians, these regulations give California consumers several new privacy rights. These rights include: 

  1. The right to know about the personal information a business collects about them and how it is used and shared;
  2. The right to delete personal information collected from them (with some exceptions);
  3. The right to opt out of the sale or sharing of their personal information;
  4. The right to non-discrimination for exercising their CCPA rights;
  5. The right to correct inaccurate personal information that a business has about them; and
  6. The right to limit the use and disclosure of sensitive personal information collected about them.

Considered one of the first comprehensive privacy laws in the United States, the CPRA applies to businesses that collect or process the personal information of California residents and that meet at least one of the following criteria. The business:

  1. does business in California and has annual gross revenues of over $25 million; 
  2. buys, sells, or shares the personal information of 100,000 or more California residents or households; or 
  3. derives at least 50% of its annual revenue from selling California residents’ personal information.

How does the CCPA/CPRA apply to Crypto & Blockchain?

The CCPA applies to all for-profit companies – there are no exceptions based on industry type. That means that crypto and blockchain businesses generally must comply with the CCPA and CPRA if they meet any of the above criteria.

However, the CCPA/CPRA has carve-outs for certain data that is already regulated under other privacy regimes. For example, there are exceptions for personal information that is subject to the Gramm-Leach-Bliley Act (GLBA). The GLBA is a federal law which requires financial institutions to explain information sharing practices to customers and to safeguard sensitive data. Ultimately, while the CCPA does apply to crypto companies, each type of data a business holds could be subject to different regulations.

Privacy laws in the US are developing at a rapid pace. As such, staying compliant with privacy and data protection laws is essential in today’s digital age. Failure to comply with these laws can result in severe consequences, such as legal action, hefty fines, and damage to reputation. Complying with privacy laws builds trust with customers, and demonstrates commitment to ethical business practices and respect for individuals’ privacy. Ultimately, staying compliant with these laws is not only a legal requirement. It is also a moral responsibility that businesses and organizations must uphold to ensure the privacy and security of their stakeholders’ personal information.

We can help you understand how privacy laws will affect all aspects of your business’s data collection practices. We can also guide you through the legal requirements to help set you and your business up for success. Contact us today and schedule a free consultation to learn about how your business and your customers’ personal data can be protected.
