Some companies have objected to the CCPA’s definition of “business,” which purports to treat some affiliated companies that utilize common branding as a single business for the purpose of the Act. Specifically, they have pointed out that there are situations in which corporate affiliates that share common branding might be of disparate size such that Affiliate A has revenues that exceed the minimum set by the CCPA and, thus, would be covered by the Act (i.e., $25 million in annual gross revenue), but Affiliate B does not have revenues that meet the CCPA’s threshold. They have argued that treating Affiliate A and Affiliate B as a unified business, and as a result, subjecting both to the requirements of the statute, disregards the reality that the companies are separate legal entities that are entitled to be treated as such in connection with regulatory requirements.
During the rulemaking process, the California attorney general was asked to establish a rule that would permit affiliated companies that shared common branding not to be treated as a single “business” under the Act on the condition that the affiliates did not engage in data sharing. In essence, the request would allow affiliated entities with common branding to elect by their actions whether they should be treated as a unified business. The attorney general refused the request, noting that, in his opinion, it was “inconsistent with the statute’s definition” of a “business.”1 The implication of the refusal is that whether affiliated entities are treated as a single “business” under the Act may be a question of fact regarding the degree of control and the degree of common branding between the companies; it may not be a choice that companies can elect as part of their compliance strategy.
1 FSOR Appendix A at 5, 6 (Response 18).