diff --git a/src/routes/+page.svelte b/src/routes/+page.svelte index 9cae72a5ba..031c060d87 100644 --- a/src/routes/+page.svelte +++ b/src/routes/+page.svelte @@ -122,14 +122,14 @@
Announcing: A new Init. Faster. Smoother. Better.Appwrite is now CCPA compliant. diff --git a/src/routes/blog/post/announcing-appwrite-is-ccpa-compliant/+page.markdoc b/src/routes/blog/post/announcing-appwrite-is-ccpa-compliant/+page.markdoc new file mode 100644 index 0000000000..f433872c8c --- /dev/null +++ b/src/routes/blog/post/announcing-appwrite-is-ccpa-compliant/+page.markdoc @@ -0,0 +1,62 @@ +--- +layout: post +title: "Appwrite is now CCPA compliant: Build privacy-first applications with confidence" +description: Appwrite complies with the standards of the California Consumer Privacy Act. +date: 2024-09-19 +cover: /images/blog/ccpa.png +timeToRead: 6 +author: jake-barnby +category: security +featured: true +--- + +At Appwrite, we're committed to helping you build secure, privacy-focused applications that meet the highest data protection standards. Now, Appwrite is **fully CCPA-compliant**, providing secure and reliable data management. + +# What is CCPA, and why does it matter? +The [California Consumer Privacy Act](https://oag.ca.gov/privacy/ccpa) (CCPA) is a landmark data privacy law that enhances consumer rights for residents of California. It was signed into law in 2018 and enacted on January 1, 2020. The law aims to give California residents more control over the personal data that businesses collect about them. Although CCPA is specific to California residents, its impact is often felt nationwide and across borders. Many companies that do business in California implement CCPA protections for all users simply because it's easier than maintaining separate data policies for different regions. + +Key rights granted by the CCPA include: + +1. **Right to know:** Consumers can request information about the personal data a business collects, uses, shares, and sells. +2. **Right to delete:** Consumers can request that a business delete their personal data, with some exceptions. +3. **Right to opt-out:** Consumers can opt-out of the sale or sharing of their personal information. +4. **Right to non-discrimination:** Businesses are prohibited from discriminating against consumers who exercise their CCPA rights (e.g., by denying services or charging higher prices). +5. **Right to correct**: Consumers can correct any inaccurate personal information a business has about them. +6. **Right to limit:** Consumers can limit how a business uses and shares their sensitive personal information. + +The CCPA applies to businesses that meet certain criteria, including having annual gross revenues of over $25 million, handling the personal information of 50,000 or more consumers, or deriving 50% or more of their annual revenues from selling consumers' personal information. + +It's similar to the [GDPR](https://appwrite.io/docs/advanced/security/gdpr) (General Data Protection Regulation) in Europe, though the two have some differences in scope and enforcement. Learn more about [CCPA vs GDPR](https://appwrite.io/blog/post/ccpa-vs-gdpr). + +# What does Appwrite’s CCPA compliance mean for you? + +Besides wanting to put your user's privacy first, complying with CCPA is crucial for your business for: + +- **Legal and financial implications**: Non-compliance can lead to hefty fines and lawsuits, especially in cases of data breaches. +- **Customer trust**: Adhering to CCPA shows that a company values privacy and is willing to go the extra mile to protect users, which can differentiate it in the marketplace. +- **B2B partnerships and contracts**: Many companies, particularly those handling sensitive or personal data, are now requiring their partners, vendors, and service providers to be CCPA compliant. + +With Appwrite’s CCPA compliance, you can trust that Appwrite will adhere to the strictest data privacy regulations. So whether you are developing apps that handle sensitive user data or simply looking to improve your data management practices, Appwrite helps you achieve privacy-first applications as we focus on privacy by design. But remember, it’s up to you to maintain the same standards in your compliance measures to ensure your user's privacy. + +# Measures taken to comply + +To ensure we adhere to the strict rules and regulations, we have taken the following steps: + +- Added CCPA references to Appwrite’s DPA to execute with customers. +- Added CCPA references to Appwrite’s DPA to execute with vendors. +- Updated the data subject rights summary to add details of data subjects' rights under CCPA, and Appwrite should assist customers in complying with these rights. +- Employees' training for handling inquiries about privacy practices and Appwrite’s compliance with CCPA. +- Updated Appwrite’s data retention and deletion policy. +- Updated Appwrite’s data breach and incident response policy. + +Appwrite safeguards personal information to the same extent it protects its own, complying with relevant privacy laws and regulations in the jurisdictions where its services are offered. + +If you’re searching for a backend provider that’s CCPA-compliant or considering CCPA- and GDPR-compliant alternatives to Firebase, Appwrite might be a great fit for you. Take a look at our [documentation](https://appwrite.io/docs) to learn more about how we approach security and compliance. + +# More security and compliance resources + +Learn more about Appwrite compliance: + +- [Appwrite is now HIPAA compliant](https://appwrite.io/blog/post/announcing-appwrite-is-hipaa-compliant) +- [Appwrite is now GDPR compliant](https://appwrite.io/blog/post/announcing-appwrite-is-gdpr-compliant) +- [Appwrite achieves SOC 2 Type 1 compliance](https://appwrite.io/blog/post/appwrite-is-now-soc-2-type-1-compliant) diff --git a/src/routes/blog/post/announcing-init-faster-smoother-better/+page.markdoc b/src/routes/blog/post/announcing-init-faster-smoother-better/+page.markdoc index a8ba6daf7a..d1f6fecf26 100644 --- a/src/routes/blog/post/announcing-init-faster-smoother-better/+page.markdoc +++ b/src/routes/blog/post/announcing-init-faster-smoother-better/+page.markdoc @@ -8,7 +8,7 @@ cover: /images/blog/announcing-init-faster-smoother-better/init-cover.png timeToRead: 4 author: eldad-fux category: init -featured: true +featured: false --- The first [Init](https://appwrite.io/blog/post/announcing-init) earlier this year was a blast, and all of you who joined made it a week to remember and will go down in the history of Appwrite. Now we’re back with another Init to celebrate everything new with Appwrite. Faster. Smoother. Better. diff --git a/src/routes/blog/post/ccpa-vs-gdpr/+page.markdoc b/src/routes/blog/post/ccpa-vs-gdpr/+page.markdoc new file mode 100644 index 0000000000..f362d0f462 --- /dev/null +++ b/src/routes/blog/post/ccpa-vs-gdpr/+page.markdoc @@ -0,0 +1,122 @@ +--- +layout: post +title: "CCPA vs GDPR: Understanding the differences and implications" +description: Learn more about the difference between CCPA and GDPR and what you need to keep in mind when building your applications. +date: 2024-09-19 +cover: /images/blog/ccpa-gdpr.png +timeToRead: 8 +author: jake-barnby +category: security +featured: false +--- +When you build your application, one of the first things you need to set up is your database and authentication. In other words, you're handling and storing user data. But with this data comes great responsibility. + +If you’re here, you probably want to understand how to handle this responsibility and manage user data properly. In this blog, we’ll break down some of the major compliance standards like **California Consumer Privacy Act (CCPA)** and the **General Data Protection Regulation (GDPR),** highlight their differences, and guide you on how to stay compliant with these regulations. + +# Overview of CCPA vs GDPR + +## What is GDPR? + +The General Data Protection Regulation [GDPR](https://appwrite.io/docs/advanced/security/gdpr) is a comprehensive **data protection** law that came into effect on May 25, 2018, across the European Union (EU). It aims to protect the **personal data** of EU citizens and harmonize privacy laws across Europe. GDPR applies to all businesses, regardless of location, that process the personal data of EU residents. Any developers building applications for EU residents must be GDPR-compliant. + +## What is CCPA? + +The California Consumer Privacy Act [CCPA](https://oag.ca.gov/privacy/ccpa), enacted on January 1, 2020, is a state-level privacy law in the United States that applies to residents of California. The **CCPA for developers** is often considered the most significant U.S. privacy regulation, giving Californians more control over their personal data and how businesses handle it. Developers looking to build **CCPA-compliant apps** must implement features that allow users to exercise their rights under the CCPA. + +Here is a straightforward overview to compare the two: + +| **California Consumer Privacy Act (CCPA)** | **General Data Protection Regulation (GDPR)** | +| --- | --- | +| Provides rights to California residents who are consumers. | Grants rights to individuals residing in the EU. | +| Covers personal information that can identify, relate to, describe, or be associated with a consumer or household, with certain exceptions. | Covers all personal data of an individual, excluding household data. Only anonymized information is outside its scope. | +| Applies to for-profit companies operating in California that meet specific financial thresholds, as well as their service providers. | Governs data controllers and processors that handle personal data of EU residents. | + +# To who do the laws apply? + +## Who must comply with GDPR + +- GDPR applies to businesses operating within the EU, offering goods and services to, or monitoring the behavior of EU residents. +- It covers personal data processing, including names, emails, IP addresses, location data, and more. +- Applies to companies of all sizes, as long as they process the personal data of EU residents. + +## Who must comply with CCPA + +- CCPA applies to for-profit businesses operating in California or serving California residents and that meet at least one of these thresholds: + 1. Gross annual revenues of over $25 million. + 2. Buy, receive, sell, or share the personal information of 50,000 or more California consumers, households, or devices. + 3. Derive 50% or more of their annual revenues from selling California consumers' personal information. +- Businesses that meet these thresholds need to prioritize **CCPA compliance** by ensuring **user data control** and clear **opt-out functionality** for data sales. + +# What are the definitions of personal data? + +## GDPR + +Under GDPR, personal data is broadly defined as any information that relates to an identified or identifiable individual. This includes names and email addresses, as well as things like IP addresses, location data, and cookie identifiers. Ensuring secure data management for these data types is a key aspect of compliance for developers. + +## CCPA + +The [CCPA](https://appwrite.io/docs/advanced/security/ccpa) defines personal information similarly but includes additional categories such as browsing history, geolocation data, and inferences drawn from personal data to create a consumer profile. The law emphasizes the sale of personal information, so developers must implement opt-out functionality to meet CPA compliance. + +# What are a consumer’s rights? + +Both GDPR and CCPA provide users with enhanced rights regarding their personal data, but the rights differ slightly. + +## Under GDPR, consumers have: + +- **Right to access**: Individuals can request access to their data and information on how it is processed. +- **Right to rectification**: Users can ask for inaccuracies in their personal data to be corrected. +- **Right to erasure (Right to be forgotten)**: Individuals can request that their personal data be deleted. +- **Right to restrict processing**: Consumers can request to limit the use of their personal data. +- **Right to data portability**: Individuals can receive their data in a machine-readable format and transfer it to another service. +- **Right to object**: Consumers can object to the processing of their data under certain conditions. +- **Right not to be subject to automated decision-making**: Including profiling based on personal data. + +## Under CCPA, consumers have: + +- **Right to access**: Users can request a copy of the personal information collected about them in the previous 12 months. +- **Right to deletion**: Individuals can ask that their data be deleted (with some exceptions, such as for completing transactions or legal compliance). +- **Right to opt-out of the sale of personal information**: California residents can instruct companies not to sell their personal data to third parties. +- **Right to non-discrimination**: Businesses cannot discriminate against consumers for exercising their CCPA rights (e.g., charging them higher prices or offering lower-quality services). +- **Right to correct**: Consumers can correct any inaccurate personal information a business has about them. +- **Right to limit:** Consumers can limit how businesses use and share their sensitive personal information. + +# How are both laws enforced? + +## GDPR penalties + +GDPR imposes severe penalties for non-compliance: + +- Fines can be up to €20 million or 4% of the company’s global annual revenue, whichever is higher. +- Non-compliance can lead to significant financial and reputational damage, making **privacy by design** a priority for developers. + +## CCPA penalties + +CCPA penalties are less severe but still impactful: + +- Fines of up to $2,500 per violation or $7,500 for intentional violations. +- There is also a provision for consumers to sue businesses directly for certain types of data breaches, which can result in additional financial liability for companies. + +# Opt-in vs. opt-out + +**GDPR** requires businesses to obtain explicit consent (opt-in) before processing personal data, particularly sensitive data categories like health or financial information. + +**CCPA** operates primarily on an opt-out basis, where businesses can process personal information unless the consumer explicitly opts out, particularly regarding the sale of personal information. This means developers need to implement developer-friendly CCPA tools and secure APIs for CCPA compliance to ensure consumers can easily exercise their rights. + +# Global implications for developers + +If you’re building applications or services that target a global audience, you may need to comply with both **CCPA** and **GDPR**. The overlap between the two means you can streamline some compliance efforts, but you’ll also need to account for the specific requirements of each law. + +For example: + +- Under **GDPR**, [consent management and data minimization are key](https://appwrite.io/blog/post/7-steps-to-achieve-gdpr-compliance-for-startups), so developers need to build features like granular consent capture and access logs. +- Under **CCPA**, the emphasis on **opt-out mechanisms** for data sales means that developers should build clear, user-friendly options for consumers to opt out of data selling practices. + +Using platforms like Appwrite, which offers compliant backend services with built-in Appwrite privacy features, developers can ensure their applications meet both CCPA and GDPR standards. With Appwrite’s secure backend and [privacy compliance solutions](https://appwrite.io/docs/advanced/security/gdpr), developers can seamlessly integrate privacy controls like opt-out functionality, user data control, and secure data management into their applications. + +# Building with privacy in mind + +Both the **CCPA** and **GDPR** are designed to empower consumers and provide them with more control over their personal data, but they take different approaches to achieve this goal. For developers, the key takeaway is that compliance isn’t just about meeting legal requirements—it’s about fostering trust with users. By designing **privacy-conscious applications**, developers can ensure they meet both **CCPA** and **GDPR** standards, keeping their products legally compliant and user-focused. + +Understanding the differences between CCPA and GDPR helps developers build apps that protect privacy and are transparent. Using developer-friendly platforms like Appwrite, which offer privacy-focused tools and secure APIs, makes it much easier to create apps that comply with both CCPA and GDPR. + +Take a look at our [documentation](https://appwrite.io/docs) to learn more about how we approach security and compliance. diff --git a/src/routes/changelog/(entries)/2024-09-19.markdoc b/src/routes/changelog/(entries)/2024-09-19.markdoc new file mode 100644 index 0000000000..6824e03e95 --- /dev/null +++ b/src/routes/changelog/(entries)/2024-09-19.markdoc @@ -0,0 +1,13 @@ +--- +layout: changelog +title: "Appwrite is now CCPA compliant: Build privacy-first applications with confidence" +date: 2024-09-19 +cover: /images/changelog/2024-09-19.png +--- +At Appwrite, we're committed to helping you build secure, privacy-focused applications that meet the highest data protection standards. Now, Appwrite is fully CCPA-compliant, providing secure and reliable data management. + +The California Consumer Privacy Act (CCPA) is a landmark data privacy law that enhances consumer rights for residents of California. The CCPA is designed to enhance privacy rights and consumer protections for residents of California. It was signed into law in 2018 and enacted on January 1, 2020. The law aims to give California residents more control over the personal data that businesses collect about them. Although CCPA is specific to California residents, its impact is often felt nationwide and across borders. Many companies that do business in California implement CCPA protections for all users simply because it's easier than maintaining separate data policies for different regions. + +{% arrow_link href="/blog/post/announcing-appwrite-is-ccpa-compliant" %} +Read the announcement to learn more +{% /arrow_link %} diff --git a/static/images/blog/ccpa-gdpr.png b/static/images/blog/ccpa-gdpr.png new file mode 100644 index 0000000000..dde0fc6944 Binary files /dev/null and b/static/images/blog/ccpa-gdpr.png differ diff --git a/static/images/blog/ccpa.png b/static/images/blog/ccpa.png new file mode 100644 index 0000000000..cbde5bdb99 Binary files /dev/null and b/static/images/blog/ccpa.png differ diff --git a/static/images/changelog/2024-09-19.png b/static/images/changelog/2024-09-19.png new file mode 100644 index 0000000000..cbde5bdb99 Binary files /dev/null and b/static/images/changelog/2024-09-19.png differ