July 3, 2022

Volume XII, Number 184

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

How do state statutes differ in terms of how they define the term ‘selling’?

Modern data privacy statutes create special rules for activities that involve “selling.” Among other things, most modern U.S. data privacy statutes require companies to allow data subjects to opt out of having their personal information sold. As the following chart indicates, the term “sale” is defined slightly different between and among state statutes, with some statutes defining the term as including exchanges of personal information in return for valuable consideration, others only exchanges of personal information in return for monetary consideration, and some defining it as both valuable and monetary consideration.

Definition explicitly includes

Europe

GDPR

California 2022

CCPA

California 2023

CPRA

Virginia 2023

VCDPA

Colorado 2023

CPA

Utah 2023

UCPA

Exchange of personal data for monetary consideration

N/A[1]

✓[2]

✓[3]

✓[4]

✓[5]

✓[6]

Exchange of personal data for other valuable consideration

N/A

✓[7]

✓[8]

X[9]

✓[10]

X[11]

[1] The GDPR does not expressly define the term “sale,” nor does it ascribe particular obligations to companies that sell personal information. Selling, however, is implicitly governed by the GDPR as any transfer of personal information from one controller to a second controller would be considered a processing activity for which a lawful purpose would be required pursuant to GDPR Article 6.

[2] Cal. Civ. Code 1798.140(t) (West 2020).

[3] Cal. Civ. Code 1798.140(ad) (West 2021).

[4] Va. Code 59.1-571 (2022).

[5] C.R.S. 6-1-1303(22)(a) (2022).

[6] Utah Code Ann. 13-61-101(31)(a) (2022).

[7] Cal. Civ. Code 1798.140(t) (West 2020).

[8] Cal. Civ. Code 1798.140(ad) (West 2021).

[9] Va. Code 59.1-571 (2022).

[10] C.R.S. 6-1-1303(22)(a) (2022).

[11] Utah Code Ann. 13-61-101(31)(a) (2022).

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 125
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement
Advertisement