Can corporate affiliates that share common branding choose whether they want to be considered a unified “business” under the CCPA?

Bryan Cave Leighton Paisner
Contact

Probably not.

Some companies have objected to the CCPA’s definition of “business” which purports to treat some affiliated companies that utilize common branding as a single business for the purpose of the Act.  Specifically, they have pointed out that there are situations in which corporate affiliates that share common branding might be of disparate size such that Affiliate A has revenues that exceeds the minimum set by the CCPA and, thus, would be covered by the  Act (i.e., $25 million in annual gross revenue), but Affiliate B does not have revenues that meet the CCPA’s de minims threshold.  They have argued that treating Affiliate A and Affiliate B as a unified business and, as a result, subjecting both to the requirements of the statute disregards the reality that the companies are separate legal entities which are entitled to be treated as such in connection with regulatory requirements.

During the rulemaking process, the Attorney General was asked to establish a rule that would permit affiliated companies that shared common branding not to be treated as a single “business” under the Act on the condition that the affiliates did not engage in data sharing.  In essence, the request would allow affiliated entities with common branding to elect by their actions whether they should be treated as a unified business.  The Attorney General refused the request, noting that, in his opinion, it was “inconsistent with the statute’s definition” of a “business.”1  The implication of the refusal is that whether affiliated entities are treated as a single “business” under the Act may be a question of fact regarding the degree of control and the degree of common branding between the companies; it may not be a choice that companies can elect as part of their compliance strategy.

For more information and resources about the CCPA visit http://www.CCPA-info.com.


This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. FSOR Appendix A at 5, 6 (Response 18).

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bryan Cave Leighton Paisner | Attorney Advertising

Written by:

Bryan Cave Leighton Paisner
Contact
more
less

Bryan Cave Leighton Paisner on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.