CCPA Summary

(updated: December 12, 2019)

What is CCPA?

The California Consumer Privacy Act (CCPA) was enacted in 2018 and takes effect on January 1, 2020. This legislation secures new privacy rights for California consumers / end users.

Rights of the End User under the CCPA

There are a few rights under CCPA that are guaranteed to California residents.

  1. The right to understand the personal information that is collected about them - A privacy policy needs to communicate the types of data that are being collected and the purpose for which that data is being used.

  2. The right to understand the parties to whom their personal data is sold/disclosed, and to have a way of opting-out of the sale/disclosure - Under CCPA, data is considered “sold” not only if a monetary exchange occurred, but as well if any exchange of value occurred. If an exchange of data for value does occur, the end user has the right to understand that the data is being exchanged for value and to opt-out of this exchange.

  3. The right to access and review the personal information that has been collected - CCPA requires a mechanism by which the end user may access and review the personal data collected about them (this right is very similar to what the European Union’s General Data Protection Regulation provides via its Data Subject Access Right).

  4. The right to have the data collected about them by a business deleted - The consumer must be able to request that the personal information about them, collected and held by the business, be deleted.

  5. The right to be free of discrimination for exercising these rights - The exercise of any of the above rights may not alter the services provided by the company to the consumer.

Opt Out

With CCPA, the end user must be given the option to opt-out of the sale or transfer of their personal information. You must provide a manner by which user’s of your app can exercise this right. If a user does choose to Opt-Out, you must tell Flurry this through the setDataSaleOptOut method in the appropriate SDK. This flag will need to be set to True when starting the Flurry session when the user is marked as opted-out in your system/app.

Data Access

As mentioned above, the consumer needs the ability to access the data that is collected about them. Flurry provides two mechanisms by which this right may be supported:

  1. Flurry will be providing, free of charge, a Privacy Dashboard service for any app developers in need of such a service. Details are available here.

OR

  1. You may issue requests against the Flurry datarequests API as documented here.

Data Deletion

As mentioned above, the consumer needs the ability to access the data that is collected about them. Flurry provides two mechanisms by which this right may be supported:

  1. Flurry will be providing, free of charge, a Privacy Dashboard service for any app developers in need of such a service. Details are available here.

OR

  1. You may issue requests against the Flurry datarequests API as documented here.

Important Dates

The following dates represent important milestones for Flurry Analytics support for CCPA.

  • December 2, 2019 - CCPA Compliant Flurry Analytics SDKs available (Now available)

  • December 11, 2019 - Flurry CCPA Data Request API available (Now available)

  • January 1, 2020 - CCPA takes effect.

FAQ

Q: Do I need to update the Flurry SDK in my app for this?

A: In order to provide the ability of the end user to opt out from the transfer of data, you will need to update your SDK.

Q: How does Flurry help me service California citizen Access and Deletion requests?

A: Please refer to the section Data Access and Data Deletion sections above.

Q: When will the Data Request APIs be available?

A: Please refer to the Important Dates section above.

Q: Do I have to build a service that allows the users of my app to view data and exercise data requests?

A: Flurry will be providing, free of charge, a Privacy Dashboard service for any app developers in need of such a service. Details are available here.

Q: Will there be updated Terms of Service (TOS) for Flurry?

A: Likely. Terms are currently under review and will be updated if needed before 12/15/2019.

Q: Does the Flurry SDK collect what CCPA defines as “personal information”?

A: Yes. In order to provide unique count analytics such as DAU, DAD, MAU, MAD and features such as Retention, Funnels, Crash, and others, Flurry Analytics collects device identifiers that are considered “personal information” under CCPA. This is a standard practice in the marketplace and is required in order to provide these analytics.

Q: If one of the users of my app Opts Out or exercises a Delete request, will it change my metrics?

A: Opt Outs will not affect metrics in any way. Deletion requests can, in some cases, affect metrics. For data that has been summarized already (e.g. Sessions, DAU, DAD, etc.), the counts will be unaffected. For features that are calculated on the fly, such as the items in Explorer, the values will change. We expect that the overall volume of Deletion requests to be low and therefor the impact to your metrics to be negligible.

Q: If one of the users of my app opts out, how will that affect my data?

A: There will be no affect to your metrics or the raw data from an opt out.

Q: Do we need to educate users regarding their rights under CCPA?

A: There is pretty clear language in CCPA that provides information on this topic. This is certainly a question that you should take up with your legal representatives.

Q: How will the users of my app get the IDs that they need to exercise an Access or Delete request?

A: Your app has access to the necessary identifiers for allowing users to exercise their requests. Given this, you have many options on how to collect and execute a request for data in Flurry Analytics. One example could be to have an option within your app to Exercise Access Request, which sends a request which includes the necessary IDs to your systems/team for manual or automated processing. There are many options for doing this and you must work with your legal representatives and team to determine the approach that best fits your needs and meets the requirements of CCPA.

Q: I use Flurry for my metrics, but I don’t develop the app. How can I make sure that the app is covered?

A: We have emailed all Admins for Flurry accounts. However, out of an abundance of caution, we suggest that you reach out to your development representatives directly.

Further Questions

If you have any questions regarding Flurry Analytics and CCPA, please contact support@flurry.com.

Note

This is a living document. New details will be added as they become available.