iA data broker is defined under California law as a business that “knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.”1 Based upon that definition, to be a data broker, the following five elements must be present:
|
Elements |
Description |
|
1. Business |
A company must be a “business” as that term is defined under the CCPA.2 |
|
2. Knowingly Collects |
A company must “collect” personal information based upon the CCPA’s definition of the term collect.3 |
|
3. Sells to third parties |
A business must “sell” data to third parties as the term sale is utilized within the CCPA. 4 |
|
4. Personal Information |
The information sold must constitute “personal information” as that term is defined within the CCPA. 5 |
|
5. No direct relationship with a consumer |
The business must not have a direct relationship with the consumer about whom the business is selling personal information. |
1 Cal. Civ. Code 1798.99.80(d).
2 Cal. Civ. Code 1798.99.80(a) (incorporating by reference the CCPA’s definition of a business).
3 Cal. Civ. Code 1798.99.80(b) (incorporating by reference the CCPA’s definition of collection).
4 Cal. Civ. Code 1798.99.80(f) (incorporating by reference the CCPA’s definition of selling).
5 Cal. Civ. Code 1798.99.80(e) (incorporating by reference the CCPA’s definition of a personal information).
