The CCPA generally does not require that a company obtain the consent (or the “opt-in”) of a person before collecting or using their personal information. Consent is, required, however, in the following situations:
No.
The European GDPR does not use the term “service provider” and, instead, refers to “processors.” While processors within the GDPR are defined in a similar manner to service providers under the CCPA, the GDPR is far more proscriptive regarding the contractual terms that must be present in a processor agreement. Specifically, the GDPR requires
While United States statutes that require privacy notices differ in terms of what they require to be included within a privacy notice, none mandate that an organization disclose the fact that information may be shared as part of a merger or acquisition.[1] That said, in 2000 the Federal Trade Commission (FTC) took the position
The regulations implementing the CCPA make clear that the notice at collection (or the privacy notice if it is being used to satisfy the notice at collection) does not have to be physically provided to a consumer; instead a business must make it “readily available” in a location where consumers are likely to encounter it.
No.
Based upon a review of the websites of the Fortune 500 conducted approximately one year after the CCPA went into effect, 21.4% of websites included a “do not sell my personal information link.” 78.6% of websites did not include a link to opt out of the sale of personal information.1 A review of
As plaintiffs’ attorneys continue to experiment with ways to utilize the California Consumer Privacy Act (CCPA) to obtain quasi-discovery, questions exist whether they may attempt to leverage the obligations imposed by the CCPA on law firms. While the CCPA states that the “obligations imposed on businesses by Sections 1798.110 to 1798.135 [of the CCPA], inclusive,
Litigants traditionally look to the rules of civil procedure in order to get discovery in a litigation. Plaintiff’s attorneys have, however, begun to try to circumvent restrictions within the discovery rules that are designed to limit the number, type, and timing of information requests, by sending out “access requests” on behalf of their clients under
For an entity to be considered a “business” under the CCPA, it must meet one of three thresholds. One of those thresholds is whether the entity “annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.”
Probably not.
Some companies have objected to the CCPA’s definition of “business,” which purports to treat some affiliated companies that utilize common branding as a single business for the purpose of the Act. Specifically, they have pointed out that there are situations in which corporate affiliates that share common branding might be of disparate size
Greenberg Traurig invites you to join us for an informative discussion on the recently enacted Proposition 24, the California Privacy Rights Act (CPRA), and how it builds on the compliance issues created by the California Consumer Privacy Act (CCPA).
Thursday, Jan. 14, 2021
10:00 – 10:30 a.m. MST / 12:00 – 12:30 p.m. EST
During