The California Consumer Privacy Act (CCPA), which came into effect on January 1, 2020, took a different approach than the definition of a third party. Data protection law does not state what a third party is, but explains what it is not. However, how a company defines its suppliers is important because, under Data Protection Law, the company must disclose to California residents information relating to their personal data, as mentioned above, since it relates to third parties. However, a company is not required to pass this information on to California residents because it relates to service providers. Under data protection law, third parties are persons or organizations that are not the following: 1. the categories and specific personal information collected by the company about the consumer; 2. the categories of personal data that the company has sold through the consumer; 3. the categories of third parties to whom the consumer`s personal data have been sold (identified by category of personal data for each third party); and (4) the categories of personal data that the company has disclosed about the consumer for commercial purposes. CCPA 1798.110 (c).
Under the California Consumers Privacy Act (CCPA), any company that receives personal data that has not “collected” the consumer`s personal data (as generally defined in the CcpA), nor a 1798.140(w)(2) person are considered “third parties” with respect to that transfer. Nevertheless, there has been a lot of talk about similarities between the GDPR and the CCPA, and even more so about significant differences. The understanding of third parties and the requirements associated with them are the point where the practical input is urgent and useful. For global companies operating under both the GDPR and the CCPA, the fact that the rights of the data subject and consumers are at stake, as well as the contractual obligations and their enforcement will help to enhance the clarity of communication and communication related to them. The CCPA requires companies to apply opt-out mechanisms, disclose their data protection policies, register with a data shredder registry for information indirectly collected, and consult with parties receiving such data when they participate in the “sale” of consumer information. “sale” of information is defined as the sale, rental, disclosure, disclosure, dissemination, supply, transfer or other communication of a consumer`s personal data by the company to a third party in exchange for financial consideration or other value. . .