Sorry if you're being sarcastic and it's totally gone over my head, but if you're not processing personal data you don't need to explain all the ways you don't process personal data. Otherwise you might as well explain all the other ways you're not breaking the law (which is going to be a long list).
It's impossible to build a website that doesn't process personal information at all, because the California law explicitly defines your IP address as personal information.
assuming it works like GDPR, that is presumptively acceptable on multiple grounds: (a) it is necessary to provide you business services (serving you the website) and (b) you are not retaining/logging it.
california didn't outlaw the internet guys, you're just being hysterical because you're going to have to ease back on your data collection a bit
It's presumptively acceptable, yes. But the comment I responded to was saying that you don't have to even explain it, and I don't think that's true; the law makes it pretty clear you do.
Except the _website_ doesn't have to know the IP address? It is perfectly sufficient for your IP stack to know it while the connection is established, and then immediately forget it.
If you delegate the processing to a service provider, you're still responsible for it. Someone has to do it on your behalf, which is isomorphic to you doing it.
IANAL, but my understanding is that it's not even clear you can avoid the "don't sell my data" language in CCPA even if you don't sell/share/collect data.
> IANAL, but my understanding is that it's not even clear you can avoid the "don't sell my data" language in CCPA even if you don't sell/share/collect data.
This is how my company's counsel (and other attorneys with whom our counsel consults with) has read the CCPA. If you don't sell data you don't need to include language to opt out of data sales since you don't do it. If that changes you have to message customers of change and provide the button.
