Over the course of 2020, our sister agency has seen tremendous interest in California’s new data privacy law, CCPA. This new law took effect at the beginning of January 2020 and the state of California has begun enforcing it as of July. It’s not surprising that businesses and site owners want to learn about what they need to do to become compliant with this law and avoid civil penalties of up to $7,500 per violation along with statutory damages. As accessibility advocates, we think that most companies that are expending effort to follow the law should be equally worried about their obligations under the ADA.
In some ways, it makes sense that the public has shown far more interest in CCPA this year. As a brand new law, there has been quite a bit of coverage of the law in the general press; perhaps even more importantly, the technology world has closely followed both the new legislation and the response of major tech companies and data brokers. This all trickles down into the priorities of businesses, and, perhaps more importantly, the digital agencies that advise them.
Furthermore, while CCPA is the first data privacy law of its kind in the United States, internationally focused firms that did business in Europe already had gone through a similar compliance process for GDPR. Major content management systems like WordPress have already built GDPR compliance into their core and various turnkey solutions related to data privacy and cookie management have made it easy to outsource compliance. All of this has laid the groundwork to make your website CCPA compliant relatively simply if you are willing to budget for it.
In contrast, the American with Disabilities Act turned 30-years-old this year! It was already in place before the internet gained popularity and over the past five years, federal courts have began interpreting this law as requiring website accessibility. The Department of Justice has repeatedly delayed issuing its own interpretation of what exactly the ADA requires of websites and this ambiguity has invited a tranche of drive-by lawsuits over the past several years. Most recently, at the end of 2019, the Supreme Court shut down an appeal from Domino’s Pizza attempting to block a lawsuit over its inaccessible websites and apps. As a result, web accessibility has gotten more attention than ever, but this is a much lower plateau.
Why does CCPA get so much more attention than ADA?
We’ve already noted that the response to CCPA is the result of a novelty bias as well as existing compliance efforts and infrastructure from the the EU’s GDPR law. But I think the context surrounding the new CCPA law also accounts for quite a bit of the disparity. The push to pass this new privacy law in California was boosted by the publicity surrounding Facebook’s (lack of) data privacy practices that came to light in the Cambridge Analytica incident back in 2016. More generally, Facebook, Google, and other data brokers have in some sense become the villains in the stories we tell about what is wrong with the internet.
When it comes to web accessibility, there are no villains. No one directly profits from keeping the web inaccessible. The primary obstacle we face is that most site owners don’t know any better. They are completely unaware of the fact that the ADA applies to websites, what becoming accessible entails or how to do it.
Even as awareness of web accessibility is slowly rising, there are other obstacles that make it more comfortable for site owners to deprioritize it. Coming into compliance with data privacy laws requires a bit of effort, but the costs primarily fall on third parties. The burden of becoming accessible falls entirely on the website owner; even for site owners who are aware of their obligations, auditing and remediating a site for accessibility is a lengthy and expensive process.
Your ADA Risk Is Almost Certainly Greater
Note: We at Accessiblu are not attorneys and nothing in this article should be construed as legal advice.
CCPA has quite a lot of carveouts such that the burden of compliance is mostly limited to companies with more resources. Only businesses that make more than $25 million in annual revenue from California, collect data on more than 50,000 people, or earn more than 50% of revenue in California are subject to the law. Small businesses (and even larger businesses without much of a California footprint) are exempt.
The section of the ADA that has been interpreted as applying to websites (Title III) has no small business exemption and is generally applicable to all entities operating “public accommodations” other than religious organizations or “private clubs”.
Furthermore, the primary mechanism for enforcement of the CCPA is complaints brought by the California attorney general’s office; the chances of any given company being a target is fairly low. The ADA, on the other hand, is primarily enforced by private lawsuit; it is quite common for single plaintiffs to file suit against dozens of companies at once. Here are some examples from the culinary institutions in Denver, wineries across the country, and the cannabis industry.
There is more than one way to make your site accessible, but if you’d like to move decisively to reduce your legal risk and help make sure that everyone can use your website, we can help get you setup with our automated accessibility tools. In our opinion, even if you choose to manually remediate, automated accessibility can serve as a bridge to ensure that your site is usable while that process is underway and as a backstop to catch any omissions (including regressions introduced after your remediation is already complete).
We are here to help
Get in touch for a free consultation so that we can help you figure out your next (and hopefully only) step.