March 29, 2023

Volume XIII, Number 88


March 28, 2023

Subscribe to Latest Legal News and Analysis

March 27, 2023

Subscribe to Latest Legal News and Analysis

What Is Aggregated Data?

The California Consumer Privacy Act and the California Privacy Rights Act specifically state that they do not restrict a business’s ability to collect, use, retain, sell, share, or disclose “aggregated consumer information.”[1] Aggregate consumer information is defined as “information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household, including via a device. ‘Aggregate consumer information’ does not mean one or more individual consumer records that have been deidentified.”[2]  

Other modern state data privacy laws do not expressly exempt aggregated personal data from their scope, but some (Utah) expressly exempt aggregated data from their definition of personal information.  For the remainder of state statutes (i.e., Colorado, Connecticut, and Virginia) while there is no express exemption for aggregated data, most aggregated data is implicitly exempted insofar as once data has been aggregated it arguably no longer satisfies the definition of personal information. For example, if information about multiple consumers has been combined to create an average, or aggregate, statistic, that information arguably no longer is “linked or reasonably linkable to an identified or identifiable natural person,”[3] and, therefore, would no longer be “personal data” under the VCDPA. The following chart compares and contrasts how the modern state data privacy laws treat aggregated data:

Click here for a side-by-side comparison of how the modern state data privacy laws treat aggregated data.


[1] Cal. Civ. Code § 1798.145(a)(6) (West 2021) (emphasis added).

[2] Cal. Civ. Code § 1798.140(a) (West 2020).

[3] Va. Code § 59.1-571 (2022)

©2023 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 294

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...