If compliance with the California Consumer Privacy Act isn’t enough to fill marketers’ compliance plates, California Governor Gavin Newsome has signed a number of proposals to amend the CCPA. One of them requires “data brokers” to register in a directory maintained by the California Attorney General.
The amendments are intended to replace or supplement the statutory text of the CCPA and were preceded by draft regulations released by the California Attorney General. The new regulations broadly cover seven topics, including, notices to consumers, how to handle consumer requests, how to verify the identity of consumers making requests, service provider restrictions, data metric compilation, minors’ personal information and non-discrimination.
The data broker that amends the CCPA is Assembly Bill 1202 and, while it is broader that its Vermont counterpart, it joins Vermont as the second state in the nation with such a law.
“Data Broker” Defined
“Data broker” is defined as “a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a ‘direct relationship.’” The law defines “data broker” in a non-traditional sense and there is some debate about what constitutes a “direct relationship.”
Other definitions, including, but not limited to, “sale” and “personal information” are extremely broad and reference the definitions set forth in the CCPA. Note that the definition of “personal information” in the CCPA exceeds the common definitions. Consult with a privacy lawyer to discuss the scope of these critical terms and how to comply with the CCPA, including the new data broker registration law.
Registration Requirement
Data brokers will be required to register with California’s Attorney General for a fee and provide various bits of information that will be included on a publicly available directory, such as the data broker’s name and primary physical, email and Internet website addresses.
Data brokers will be required to register by January 31 of each year. The failure to do so will expose data brokers to injunctive relief and civil penalties of $100 a day, plus investigation costs.
The data broker registration amendment was passed as a vehicle to allow consumers to exercise their deletion and opt-out rights provide by the CCPA.
The CCPA becomes effective January 1, 2020.
If you are interested in learning more about this topic or ensuring that your business is compliant with state and federal data privacy legislation, please email the author at rnewman@hinchnewman.com.
Hinch Newman works with digital marketers to achieve compliance with data privacy laws, such as the CCPA and its data mapping, privacy policy, website disclosure and data broker registration obligations.
Informational purposes only. Not legal advice. May be considered attorney advertising.
