The California Privacy Protection Agency’s (CPPA) new data broker regulations took effect on December 27, 2024. They are now in effect during the CPPA’s annual data broker registration period, which lasts from January 1 to January 31, 2025. Any business that operated as a data broker in 2024 is required to register during this period.
California law defines a data broker as a “business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.” As we previously reported, the new regulations expand the definition of a “direct relationship,” which could require some consumer-facing businesses that collect personal information from third-party sources and sell that data to third parties to register as data brokers.
California regulations typically take effect quarterly, with at least one month between the date the Office of Administrative Law (OAL) files a regulation with the Secretary of State and the effective date, pursuant to California Government Code 11343.4(a). However, the CPPA’s regulations went into effect the day after they were filed with the Secretary. According to information provided by OAL, the CPPA petitioned OAL to make the regulations effective earlier by demonstrating good cause (pursuant to Cal. Gov’t Code § 11343.4(b)(3)). Ad Law Access has reached out to the CPPA to provide a copy of the agency’s request demonstrating good cause, and we’ll update the blog post when we learn more.
CPPA’s directions on registering as a data broker are available at https://cppa.ca.gov/data_brokers/.
[View source.]
