No. 

Many Apps transmit information about their users to third party advertising technology companies to facilitate the placement of targeted advertising within the App which, in turn, generates advertising revenue for the App publisher.

Some privacy advocates, and plaintiffs’ attorneys, have argued that the CCPA’s broad definition of the term “sell” might encompass such activities.  Specifically, they claim that the CCPA considers any “disclos[ure]” of personal information to be a “sale” when a company receives “monetary or other valuable consideration.”  As the definition of “personal information” includes “unique identifiers” – a term which includes “mobile ad identifiers, or similar technology” – they have argued that the act of transmitting information about a user’s device to an AdTech partner should be considered a “sale” for the purposes of the Act.

While the definition of “sale” under the CCPA contains an exception for situations in which information is shared with a service provider, that exception may not apply to all AdTech partners.¹  Specifically, to invoke the service provider exception the contract between an App publisher and an AdTech partner must “prohibit” the partner “from retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract with the business.”²  Behavioral advertising networks that retain the information that they obtain from Apps and use that information for the benefit of themselves (or the benefit of other members of a behavioral advertising network) may not satisfy the definition of a “service provider.”

The definition of “sale” under the CCPA contains a second exception for situations in which a “consumer uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third party.”³  In order to mitigate the risk that sending user information to AdTech partners might be interpreted as a “sale” of information, some App publishers ask users to consent to the sharing of their information.  If the App publisher obtains consent, it would have a strong argument that the consumer has “direct[ed] the business to intentionally disclose” their information and, therefore, the transfer of information is not a sale.

For more information and resources about the CCPA visit http://www.CCPA-info.com. 

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. CCPA, Section 1798.140(t)(2)(C).

2. CCPA, Section 1798.140(t)(2)(C)(ii), (v).

3. CCPA< Section 1798.140(t)(2)(A).

[View source.]