What is a ‘third party’ under CCPA?
UPDATED: October 2019
Key points:
Under the California Consumers Privacy Act (CCPA) any entity that receives personal information that is neither the businesses that “collected” (as broadly defined by CCPA) the personal information from the consumer nor a 1798.140(w)(2) person is deemed a ‘third party’ as regards to that transfer .
Third party is the broader category defined by CCPA and includes:
(1) All service providers,
(2) Any businesses other than the business that originally collected the personal information,
(3) Any other person that receives personal information except for a 1798.140(w)(2) person
Therefore, a service provider, is a subcategory of the broader concept of “third party”
Under the California Consumer Privacy Act (CCPA) organizations can take several roles with the most central one being that of a “businesses”, defined to be an organization that, by virtue of meeting certain thresholds, is directly subject to the Act. All the roles defined in CCPA other than “business” are assigned to entities that act as recipients of personal data in a data transfer.
A third party is the broader category defined under CCPA. Any entity that is neither the business that…
