Website Accessibility Under the California Consumer Privacy Act
Enforcement of the California Consumer Privacy Act ("CCPA") imminent. While much of the CCPA focuses on required notices, processes, and consumer rights, it also contains an accessibility requirement that many may overlook. While enforcement of the CCPA is to be pursued by the Attorney General, accessibility considerations need to take into account not only CCPA requirements, but other laws addressing accessibility that permit civil claims to be made by website users. In the context of all of these requirements a company may face upwards of $11,500 in fines and damages per violation if website accessibility is not properly addressed. So what are the requirements for website accessibility? How might a business implement changes? What are the risks should a website not be deemed accessible?
What Laws Require that a Website is "Accessible"?
There are three laws that address website accessibility:
- The Americans with Disabilities Act ("ADA"): This requires places of public accommodation to provide accommodations to those with disabilities and can be deemed to require website accessibility under certain circumstances;
- The Unruh Act: This requires that all persons within California are treated equally, including for any facilities, services, or business establishments; and
- The CCPA: This requires that businesses provide notices to consumers, in an accessible and understandable format, regarding their personal information, and affords guidance to the how consumers can control personal information.
The CCPA's regulations set forth requirements for notices that are provided online, including opt-out notices, notices at collection, notices regarding loyalty programs, and privacy policies – stating that these must be accessible, incorporating the WCAG to specify how accessibility will be achieved. WCAG is promulgated by the World Wide Web Consortium ("W3C"), an international community which works to create standards for internet websites. WCAG is a set of guidelines that W3C has developed to outline how to make websites accessible for those with visual, auditory, physical, speech, cognitive, language, learning, and neurological disabilities.
For example, there are requirements that (1) text alternatives are provided for non-text content like images or videos, (2) timed content is able to be controlled by the user, (3) requirements that a website and its components are functional with screen readers, and (4) websites can be accessible for a user that only utilizes a keyboard.
How Can a Website Move Towards Compliance?
With a very limited number of WCAG Violations are typically found by automated testing tools (estimated to be only about one-third of all violations), a website audit or cursory review by a live-user is likely necessary. Using an overlay tool, or ‘quick fix’, unfortunately have not been proven to make the experience better for individuals with disabilities or satisfy accessibility requirements. Industry SME's and the disabled community have raised a number of concerns in recent months that they make the experience worse or exclude disabled users from an equitable experience. Engaging with a human driven solution is the preferred initial step to protect your organization in addressing the CCPA's accessibility requirements and potential lawsuits under the other accessibility laws.
Penalties for Non-Compliance
The time to reach compliance is rapidly shrinking, and as it pertains to the ADA and the Unruh Act, it has already passed. With the focus of commerce shifting further from brick-and-mortar locations to the internet, it is more important than ever to form a compliance plan for website accessibility, whether it is to proactively comply with the CCPA, address other accessibility requirements, or as an additional consideration for updates to a company's website.