# California Invasion of Privacy Act (CIPA) {% hint style="success" %} **Access Type**: Consent Notices - Editor {% endhint %} The California Invasion of Privacy Act (CIPA) is a state-specific law that requires consent from all parties to engage in wiretapping or use a trap and trace device. CIPA has been a popular tool in recent years to challenge the use of website tracking technologies such as web pixels, session replay software, and chatbots by alleging that these technologies intercept and transmit information about end-user interactions with a website to third-parties. In this article, we will cover how to configure and implement a consent notice that mitigates your organization's risk under the California Invasion of Privacy Act (CIPA). * [Configure consent notice](#configure-consent-notice) * [Implementation](#implementation) * [Testing](#testing) {% hint style="info" %} [Click here](https://www.didomi.io/blog/california-invasion-of-privacy-act-cipa) to learn more about about the California Invasion of Privacy Act (CIPA) in the Didomi blog. {% endhint %} *** ### Configure consent notice Didomi has identified two ways in which your organization can configure your consent notice to mitigate risk under the California Invasion of Privacy Act (CIPA) based on the way your organization is collecting consent. | [Implied consent](#implied-consent) | By navigating to the website the end-user is providing consent to the conditions conveyed in the first layer of the consent notice. | | ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | | [Express consent](#express-consent) | The end-user has to explicitly provide consent to the purposes and vendors | {% hint style="warning" %} **Note**: Please confer with your organization's legal counsel before proceeding with implied or express consent configuration. {% endhint %} To start, click **Consent Notices** on the left-hand panel and select **Create a notice** on the subsequent page.

Select the platform for your consent notice and click **Go to next step**.

Use the following steps to select if your organization is leveraging any existing frameworks (e.g. Global Privacy Protocol (GPP)) for the consent notice. Click **Generate my Consent Notice** when finished.

Navigate to the **Regulations** sub-tab of the **Regulations** tab and enable the toggle for the California Privacy Rights Act (CPRA). Click **Edit Vendors and Purposes** inline with CPRA.

Use the Vendors section of the subsequent page to add vendors to the consent notice.

When finished, navigate to the Processing rule overrides section and click **Add override**.

In the Add override modal: {% stepper %} {% step %} Use provided drop-down menu to select a purpose {% endstep %} {% step %} Select all vendors to which the purpose applies {% endstep %} {% step %} Select option for **Require consent for selected vendors** {% endstep %} {% step %} Click **Save** when finished. {% endstep %} {% endstepper %}

Repeat for every purpose associated with your consent notice.

Click **Save** to confirm your changes to the Purposes & Vendors section of the consent notice. Next, select the **Customization** tab to edit the end-user experience when interacting with your consent notice and click **Content Editor**.

Refer to the tabs below for customization strategies based on whether your organization is utilizing implied consent or express consent. {% tabs %} {% tab title="Implied consent" %} The implied consent customization strategy relies on the customer navigating beyond the consent notice to the website as implicit consent to the terms and conditions outlined in the first layer of the consent notice. For this strategy, your organization will want to perform the following: * Explicitly state in the first layer of the consent notice that navigation to the site means that the end-user accepts your organization's conditions * Hide any buttons/links that allow end-user to navigate to the second layer of the consent notice

{% hint style="warning" %} **Note**: In the above example, the **Agree and close** button has been renamed to **Continue to site**. This change is optional. {% endhint %} {% endtab %} {% tab title="Express consent" %} The express consent customization strategy relies on the customer actively providing consent to the purposes associated with the consent notice. Without express consent, end-user is not collected. In addition to including **Agree and close** button, your organization can leverage custom JSON (via **Advanced settings**) to further customize the consent notice to perform the following:

Customization	Custom JSON
Add a Continue without agreeing link	`{ "notice": { "denyOptions": { "button": "secondary", "link": true } } }`
Add a Disagree and Close button	`{ "notice": { "content": { "activeElements": [ "deny", "dismiss" ] } } }`

Please confer with your organization's legal counsel before proceeding with the customization. {% hint style="warning" %} **Note**: The above customizations will impact consent notices across all regulations configured for the consent notice. Didomi recommends that if your consent notice is designed for multiple regulations that your organization create a separate consent notice specifically for the California Invasion of Privacy Act (CIPA) use case. {% endhint %}

{% endtab %} {% endtabs %} Click **Save & continue** to confirm your changes. ### Implementation From the final page of the consent notice workflow, click **Publish** to enable your consent notice on websites and/or applications. Follow the prompts on the page to add the configure the vendor tags and Didomi SDK onto your website and/or property. {% hint style="info" %} [Click here ](https://developers.didomi.io/cmp/web-sdk/third-parties/no-tag-manager)to learn how to conditionally load vendor tags based on the end-user's consent to a vendor and/or its purposes using custom Didomi `