Website Compliance and You – ADA, GDPR, & CCPA

There is no “secret sauce” when it comes to crafting a competent and compliant website.

Creating, developing, and maintaining a website for your business requires preparation and planning. There are intricate details (some very, very boring and/or confusing) that every business and website owner should understand and implement before launching their website into the great unknown of the Internet.

If you take the time to look hard enough, you will find tons of checklists out there that claim to nicely delineate the steps every website should follow to ensure a successful launch. Of course, there is no silver bullet or magic fairy dust (no matter how magical the marketing language used) that will ensure your website is compliant. Education and awareness, however, will go a long way in ensuring you don’t look for quick answers – or worse, pay for quick solutions – that do not adequately prepare your website.

Now, ‘surface-level fixes’ and easy-to-follow checklists are not bad ways to give your website a general gut-check. In fact, critical steps in any website’s success include attention to responsive design, dedication to a well-thought-out analytics plan, and adherence to the basics of content hierarchy. However, in between image selections, footer discussions, and maybe deciding to go with a carousel slider on your homepage (Author’s Note: Do not do this), an often-overlooked website planning phase revolves around the concept of website compliance.

What is Website Compliance?

Compliance. There is possibly nothing less exciting in website infrastructure than regulatory considerations. And while, much like real infrastructure, these considerations do not get much attention at the start, when something goes wrong, it can cost your business both time and money. As we have all learned of late, prevention and preparation – even in the most simple forms – can go a long, long way.

Who are the big contenders when we talk about website compliance? What scary acronym will we likely see splashed across the pages of a litigious lawyer’s letterhead? Well, for the sake (and brevity) of this article, I will touch upon three: ADA, GDPR, and CCPA. That is, the Americans with Disabilities Act, the General Data Protection Regulation, and the California Consumer Privacy Act.

Americans with Disabilities Act (ADA)

Let’s dive into the “older brother” of the crew – the piece of legislation that has been around the longest (back when Will Smith was the Fresh Prince and not the Genie) – ADA.

A few things to get out of the way first so we’re all on the same page: yes, your website is considered a “place of public accommodation,” and yes, your website can still be held liable under this Federal law even if you’re a private company. The ADA is a strict liability law; this means that your best intentions and/or excuses for violations of the ADA – well, you can save those for some other sympathetic ears because they will not provide a defense here.

To be clear: there is no ‘bright-line’ guidance to ensure your website is ADA compliant. Anyone who says they are able to offer this is being less than truthful. In fact, the very lack of clear guidelines in this legislation has led to opinions favoring flexibility in the application of this standard to websites. In short, lawyers and courts cannot point to a single golden ‘requirement’ for web accessibility for business websites in the U.S.; however, the Web Content Accessibility Guidelines (WCAG) 2.0 AA is often a leading guidepost in this area.

Without navigating every standard laid out in those guidelines – a task that is both cumbersome and confusing – it is best to rely on common sense practices for creating or ensuring your website is as accessible as possible to every visitor. Focusing on this as a primary purpose can help ensure the most major considerations addressed by the WCAG are carried out. Aside from this general focus, the details are important too (e.g. have you taken steps to ensure the content on your website can be read by screen readers, etc.?).

For this, we recommend relying on a team (selfish promo here) that can not only audit your site from a user’s perspective, but also manually evaluate your website, ensuring both the user-side and back-end meet the basic criteria of an accessible website. This is more than simply adding alt-text to your images (but that ain’t a bad start).

General Data Protection Regulation (GDPR)

Moving on to the General Data Protection Regulation (GDPR) – a topic we broached back in 2018 – there are still a few things to keep in mind when looking at this ‘European’ entanglement. First and foremost, this isn’t something a website owner can simply ignore because they do not reside in the European Union.  GDPR is applicable to any business collecting personal data from a citizen of the EU. If your website collects personal data – of any kind – it’s probably a good idea to check in on those analytics and see if and how GDPR is applicable.

The good news here is that if your website is one that should adhere to GDPR, there are very clear guidelines and directives to help you ensure you are closely following regulations. The list of requirements might seem extensive, but the alternative of ignoring these requirements can be very costly. Just last year (May 2019), only a year after the implementation of GDPR, European data protection authorities noted almost 145,000 complaints and inquiries related to violations of this provision. Google was hit with a 50 million euro fine (and it looks like they are going to have to pay up). Bottom line – ignoring the problem can only lead to massive fines; especially as more and more citizens become aware of how to enforce their newly minted privacy rights.

California Consumer Privacy Act (CCPA)

Finally, we turn to California and the California Consumer Privacy Act (CCPA). While it may be tempting to assume that the CCPA only applies to those living their best lives on the West Coast, the truth is, much like GDPR, the CCPA has much broader implications. The CCPA applies to every company in the world that meets the following conditions:

  • They collect personal data of California residents and
  • They (or their parent company or a subsidiary) exceed at least one of the three thresholds:
    • Annual gross revenues of at least $25 million
    • Obtains personal information of at least 50,000 California residents, households, and /or devices per year
    • At least 50% of their annual revenue is generated from selling California residents’ personal data

A California resident is defined by California’s Privacy law as any person who:

  • Is in California for other than a temporary or transitory purpose
  • Is domiciled in California, but is outside the state for temporary or transitory purposes

Much like the GDPR, the CCPA enables users to be able to see what data companies have gathered about them, have that data deleted, and opt out of those companies selling it to third parties. In terms of your website, consider that anyone can visit your website, including California consumers. Therefore, if your business exceeds or may soon exceed any of the thresholds listed above and you collect or track users to your website, it is better to be CCPA compliant.

I Need a Compliant Website… What Now?

Developing and maintaining a website is no easy task, and adding in compliance complications means less time to engage with your business and your customers. Media Genesis has experience with all things digital, including ensuring your website is geared toward the adherence to these regulations. We’ve written before about the ADA and GDPR and what it means for your website, and we’ve got plans in place that can help put your mind at ease. So, if you are looking for a partner to help navigate these complex compliance waters, Media Genesis has the experience and continued vigilance to steer through those waters with you.

For questions about how Media Genesis can help your website with compliance, reach out to us at or give us a call at (248) 687-7888.