Security News > 2020 > January > Are Companies Adhering to CCPA Requirements?

"The attorney general should promulgate regulations reflecting that the transfer of data between unrelated companies for any commercial purpose falls under the definition of sale, so that consumers can opt out of the sharing of their data for targeted advertising," writes the Center for Digital Democracy in a blog.

The law exempts the transfer of data to "Service providers" from the "Sale" definition, and many companies are claiming they qualify for that exemption, says Heikki Tolvanen, co-founder of PrivacyAnt, a Finland-based privacy firm.

"Clearly, data brokers don't fall under the exemption, but many normal business activities will," says Reece Hirsch, a partner at the law firm Morgan, Lewis & Bockius LLP. Under CCPA, if information is de-identified, then it does not constitute "Sale" of data if that information is shared.

Tolvanen adds: "Google's CCPA Addendum covers only online IDs as personal information that is in the scope of CCPA agreement. This raises questions about what happens with other data disclosed to Google. For example, with Google Analytics, businesses are clearly disclosing more data than just 'Online IDs' to Google."

CCPA also gives consumers the right to know how their data is getting used and the kind of data that is being collected.

News URL

https://www.inforisktoday.com/are-companies-adhering-to-ccpa-requirements-a-13653