In 2019, California became the second state in the country to pass a data broker law.  The bill that passed, A.B. 1202, requires “data brokers” to register with the OAG and pay a fee to that office.  Registration is required by Jan. 31, 2020.   The legislation adds Title 1.81.48  to the Civil Code, Div. 3, Part 4.  The first state to pass a data broker law was Vermont.  Additional information in the Vermont data broker law may be found online with the Secretary of State.

A summary of the California data broker registration requirements can be found at a Hogan Lovells blog post.  Last week the Washington Post had a story, So far, under California’s new privacy law, firms are disclosing too little data — or far too much.  The story leads with the fact that the state data broker law “was supposed to push companies toward greater transparency around the reams of data they collect every day. But weeks after the landmark law went into effect, the early results are not yet bringing consumers much clarity.” 

Facebook and other companies have taken the lion’s share of the focus for proponents of the CCPA.  A recent opinion piece in Inc reports that Facebook has taken the position that the CCPA does not apply to the company.  “According to The Wall Street Journal, the company believes that ‘its trackers’ data collection doesn’t constitute ‘selling’ data under the California law and that it therefore doesn’t believe it is required to make changes.”  The story is California’s Sweeping Privacy Law Goes Into Effect Next Month but Facebook Says It Doesn’t Apply to Its Business.  As noted in the story, “[t]he key argument Facebook is making is that its regular business activity of creating a profile about you, tracking what you do online, and then allowing advertisers to target you with ads based on that information, doesn’t constitute a sale of your personal information. It also says that it already allows people to ‘easily manage their privacy and understand their choices with respect to their data.’”