The CCPA includes within the definition of a “business” an entity “that controls or is controlled by [another] business” and that “shares common branding with the business.” 1 This provision has been referred to by some companies as the “unified business provision” as it functionally states that entities under common control and common branding should be treated under the CCPA as a single “business” instead of as multiple business entities. Other companies have referred to this as the “affiliate exception” owing to its functional impact on compliance. Specifically, if the Act did not treat businesses that were under common ownership, control, and branding as a single business, then affiliates might find themselves in the situation in which transfers of data between and among members of a corporate group might constitute the “sale” of information as they might be viewed as transfers from one business to a separate business for consideration (if, for example, the affiliated entities were performing services for one another or cross-marketing products). Viewing corporate affiliates as a single business unit for the purposes of the CCPA functionally creates an exception to the definition of “sale” for those situations in which Affiliate A transfers personal information to a commonly branded Affiliate B.
For more information and resources about the CCPA visit http://www.CCPA-info.com.
This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes. You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.
1. CCPA, Section 1798.140(c)(2).