In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:

  1. Retaining the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or

In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:

  1. Retaining the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or

The California Attorney General was asked to clarify whether the use of “website cookies shared with third parties” constituted the sale of personal information. The Attorney General declined to answer, stating only that whether a particular situation constitutes the sale of information “raises specific legal questions that would require a fact-specific determination, including whether or

In late January, California’s Attorney General (AG) tweeted about the use of the new Global Privacy Control (GPC), informing California consumers that on certain browsers they can use GPC as a “stop selling my data switch” to exercise their right to opt out of the sale of their personal information (PI) in one step –