Is information disclosed by a business to a third party that provides services considered a “sale” under the CCPA?

BCLP
Contact
LinkedIn
Facebook
X
Send
Embed

The CCPA broadly defines the term “sale” as including the act of “disclosing” or “making available” personal information “for monetary or other valuable consideration” from one business to another. This arguably could include disclosures of personal information by a business to third parties who provide services to the business. The CCPA offers two exceptions for sharing between businesses and third parties:

  1. The third party is considered a “service provider” under the CCPA. To qualify as a “service provider,” the contract with the third party must prohibit the third party from:
  • Retaining the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or as otherwise permitted by this title,”
  • Using the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or as otherwise permitted by this title,” or
  • Disclosing the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or as otherwise permitted by this title.”

2. The consumer “uses or directs the business to intentionally disclose personal information or uses the business to intentionally interact with a third party.” The consumer’s action must be “deliberate” and “intentional.” Affirmative consent (i.e., opt-in consent) qualifies as intentionally directing the business to disclose personal information to a third party.

If information is being shared between a business and a third party, and neither of the above exceptions applies, the disclosure of information to the third party might be a “sale” of information.

For more information and resources about the CCPA visit http://www.CCPA-info.com. 

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BCLP | Attorney Advertising

Written by:

BCLP
BCLP
Contact
more
less

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide