April 18, 2021

Volume XI, Number 108


April 16, 2021

Subscribe to Latest Legal News and Analysis

April 15, 2021

Subscribe to Latest Legal News and Analysis

So, what exactly is a ‘data broker’?

A data broker is defined under California law as a business that “knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.”1 Based upon that definition, to be a data broker, the following five elements must be present:



1. Business

A company must be a “business” as that term is defined under the CCPA.2

2. Knowingly Collects

A company must “collect” personal information based upon the CCPA’s definition of the term collect.3

3. Sells to third parties

A business must “sell” data to third parties as the term sale is utilized within the CCPA. 4

4. Personal Information

The information sold must constitute “personal information” as that term is defined within the CCPA. 5

5. No direct relationship with a consumer

The business must not have a direct relationship with the consumer about whom the business is selling personal information.

1 Cal. Civ. Code 1798.99.80(d).

Cal. Civ. Code 1798.99.80(a) (incorporating by reference the CCPA’s definition of a business).

3 Cal. Civ. Code 1798.99.80(b) (incorporating by reference the CCPA’s definition of collection).

4 Cal. Civ. Code 1798.99.80(f) (incorporating by reference the CCPA’s definition of selling).

5 Cal. Civ. Code 1798.99.80(e) (incorporating by reference the CCPA’s definition of a personal information).

©2021 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XI, Number 64



About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...