The CCPA generally does not require that a company obtain the consent (or the “opt-in”) of a person before collecting or using their personal information. Consent is, required, however, in the following situations:

  1. Exemption from the definition of “sale.” The CCPA’s broad definition of “sale” could encompass a number of ordinary information transfers in addition

No.

The European GDPR does not use the term “service provider” and, instead, refers to “processors.” While processors within the GDPR are defined in a similar manner to service providers under the CCPA, the GDPR is far more proscriptive regarding the contractual terms that must be present in a processor agreement. Specifically, the GDPR requires

The regulations implementing the CCPA make clear that the notice at collection (or the privacy notice if it is being used to satisfy the notice at collection) does not have to be physically provided to a consumer; instead a business must make it “readily available” in a location where consumers are likely to encounter it.

As plaintiffs’ attorneys continue to experiment with ways to utilize the California Consumer Privacy Act (CCPA) to obtain quasi-discovery, questions exist whether they may attempt to leverage the obligations imposed by the CCPA on law firms. While the CCPA states that the “obligations imposed on businesses by Sections 1798.110 to 1798.135 [of the CCPA], inclusive,

Litigants traditionally look to the rules of civil procedure in order to get discovery in a litigation. Plaintiff’s attorneys have, however, begun to try to circumvent restrictions within the discovery rules that are designed to limit the number, type, and timing of information requests, by sending out “access requests” on behalf of their clients under

For an entity to be considered a “business” under the CCPA, it must meet one of three thresholds. One of those thresholds is whether the entity “annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.”

Probably not.

Some companies have objected to the CCPA’s definition of “business,” which purports to treat some affiliated companies that utilize common branding as a single business for the purpose of the Act. Specifically, they have pointed out that there are situations in which corporate affiliates that share common branding might be of disparate size

Greenberg Traurig invites you to join us for an informative discussion on the recently enacted Proposition 24, the California Privacy Rights Act (CPRA), and how it builds on the compliance issues created by the California Consumer Privacy Act (CCPA).

Thursday, Jan. 14, 2021
10:00 – 10:30 a.m. MST / 12:00 – 12:30 p.m. EST

During