Search

California's CCPA Direct Marketing Rule - The National Law Review

susilangs.blogspot.com

Advertisement

The CCPA generally does not require that a company obtain the consent (or the “opt-in”) of a person before collecting or using their personal information. Consent is, required, however, in the following situations:

  1. Exemption from the definition of “sale.” The CCPA’s broad definition of “sale” could encompass a number of ordinary information transfers in addition to the transfer of data in exchange for money. The CCPA exempts from the definition of “sale” any transfer that takes place because the “consumer uses or directs the business” to “intentionally disclose personal information” to a third party.1 In other words, if a consumer consents, or opts in, to an information transfer it is not considered a “sale” under the CCPA.

  1. Sale of information about minors. The CCPA prohibits a business from knowingly selling the personal information of a consumer that is “less than 16 years of age” unless the consumer (in the case of individuals between 13 and 16) or the guardian (in the case of individuals under the age of 13) has “affirmatively authorized the sale” of personal information.In other words, opt-in consent is needed to sell the information of a minor. Paradoxically, if a business obtained the affirmative consent to transfer personal information, as discussed in the previous paragraph, technically the information transfer might not be a “sale” at all.

  1. Financial incentive programs. The CCPA provides that a business may only enter into a financial incentive program with a consumer if the consumer gives “prior opt-in consent.”3

  1. Re-soliciting the ability to sell. The CCPA states that if a person opts out of the sale of information (e.g., clicks a “Do Not Sell My Personal Information” link) a business is not permitted to solicit their consent (or opt in) to a future sale for “at least 12 months.”4

  1. Re-soliciting the ability to share sensitive personal information. The CPRA modified the CCPA to provide that, by Jan. 1, 2023, if a person opts out of the sharing of their sensitive personal information (e.g., clicks a “Do Not Share My Sensitive Personal Information” link) a business is not permitted to solicit their consent (or opt in) to additional sharing of such information for “at least 12 months.”5


Cal. Civ. Code 1798.140(ad)(2)(A), (B). The CCPA originally indicated that the third-party recipient could not “also sell the personal information, unless that disclosure would be consistent with the provisions of [the CCPA].” Cal. Civ. Code 1798.140(t)(2)(A) (Oct. 2020). It is unclear whether that restriction applied to situations in which a consumer intentionally interacted with a third party, situations in which a consumer directed the business to disclose personal information to a third party, or both. In either case, the restriction was removed by the CPRA, although technically the amendment does not become effective until Jan. 1, 2023.

2 Cal. Civ. Code 1798.120(c).

3 Cal. Civ. Code 1798.125(b)(3).

4 Cal. Civ. Code 1798.135(c)(4).

Cal. Civ. Code 1798.121(b), 135(c)(4).

Advertisement

©2020 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XI, Number 22

Let's block ads! (Why?)



"direct" - Google News
January 23, 2021 at 05:30AM
https://ift.tt/3qE8qhc

California's CCPA Direct Marketing Rule - The National Law Review
"direct" - Google News
https://ift.tt/2zVRL3T
https://ift.tt/2VUOqKG
Direct

Bagikan Berita Ini

0 Response to "California's CCPA Direct Marketing Rule - The National Law Review"

Post a Comment

Powered by Blogger.