Login/Register
CCPA: how to detect the californian users ? (concerned by the CCPA)
Asked Answered
androidiosprivacyprivacy-policyccpa
G

1

8

The new CCPA guidelines require to have a specific app behaviour for the 'californian users'. By the way, I wonder if the CCPA applies to all californian citiziens (even if they are not physically present in California when the launch the app) or to all the persons present in California (event if they are not californian citizens).

So, I wonder how I can do technically in order to know if a user is concerned by the CCPA law, in order to know if I must implement a CCPA-specific behaviour for him/her.

My question is about both iOS and Android.

Thanks !

Graph answered 17/12, 2019 at 9:54 Comment(5)
You could of course treat everyone that way. Then you'd find things like GDPR compliance pretty easy too.Gaslit
Thanks @Gaslit but you don't answer my questions: 1) who is concerned by CCPA? 2) How to detect technically who is is concerned ? (question 1 included in question 2 ) Thanks !Graph
That's why I posted a comment, not an answer. If you treat everyone as CCPA expects, you don't need to worry about which people it concerns, and you don't need to detect them. You might want to distinguish technically right now, but it's fairly likely there will be some similar federal regulation before too long that renders the exercise pointless.Gaslit
IMHO The simplest solution is often the best: Why not asking the user (on first app use) his/her country/state of residence ?Yonatan
@Yonatan Simple but bad solution ; too much friction. Users will leave the app.Graph
R
3

from my understanding, CCPA applies to californian residents only (not travelers)... That being said and as we could expect some kind of generalization of the CCPA later for all US citizens, one can use a conjunction of :

  1. MCC code to identify the country (312 to 316)
  2. Any kind of IP to region code service to check for "user is present in California"

MCC CODE

With such a code, we know if the user is has a SIM card associated with an US subscription. On Android we can use getResources().getConfiguration().mcc or put a flag in lacalized config file under values-mccXXX resource directory :

<resources>
    <bool name="is_us_subscriber">true</string>
</resources>

With a default to false. Works offline but requires a SIM based device (which excludes some tablets...), for non-SIM based devices there's no seamless way to check for country of residence... Best effort will be to use IP-to-ADDRESS unless you have additionnal information coming from facebook login or whatever...

IP TO ADDRESS

Using one of (or combination of) :

You can get US State (eg: California) from user IP address. On Android, use webservice to get user latitude and longitude and then call Geocoder to check for Address#getCountry() and Address#getAdminArea() which returns :

the administrative area name of the address, for example, "CA", or null if it is unknown.

But it will only allow you to know that user is in California... And not user is a Californian resident.

MY OPINION

  • Use of external webservices is not reliable (no connection, VPN, proxy, ...)
  • Use of external webservice could be expensive
  • We lack information regarding user residence with location based services

I would recommend use MCC only since there's a high probability to see some kind of CCPA generalization in the US sooner or later...

Rabush answered 20/12, 2019 at 8:25 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.