In addition to complying with the general compliance obligations of the CCPA, data brokers are required to take the following actions:

1. Registration. Data brokers are required to register with the California Attorney General.¹
2. Fees.  Data brokers are required to pay a fee as part of the registration process.²
3. Opt-out Mechanism.  As data brokers, by definition, sell personal information, they are required to provide an opt-out mechanism by which consumers can instruct the broker to cease such sales.³
4. Respond to Opt-Out Signals.  As data brokers, by definition, sell personal information, they are required by the regulations implementing the CCPA to “treat user-enable global privacy controls, such as a browser plugin or privacy setting, device setting, or other mechanism, that communicates or signal[s] the consumer’s choice to opt-out of the sale” or personal information as an opt-out request.⁴

For more information and resources about the CCPA visit http://www.CCPA-info.com.

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. Cal. Civil Code 1798.99.82(a).

2. Cal. Civil Code 1798.99.82(b)(1).

3. Cal. Civil Code 1798.120(b).

4. Cal. Reg. 999.315(d).

[View source.]