Answers to the Most Frequently Asked Questions Concerning Service Providers

Are all vendors considered “service providers” under the CCPA?

Are payment processors and acquiring banks “service providers” under the CCPA?

Are work email addresses and business contact information governed by the CCPA?

As used in the CCPA, do the terms “personal data,” and “personal information” mean the same thing?

Can a business share its marketing list with social media platforms in order to target advertising messages to specific social media users?

Can a business unilaterally amend a service provider agreement to incorporate requirements under the CCPA?

Can a company be sued under the CCPA for using behavioral advertising?

Can a company track whether someone has received email using web beacons, tracking pixels, or clear GIFs?

Can a service provider use and transfer personal information if they anonymize or aggregate it?

Can an independent contractor be considered a “service provider” under the CCPA?

Can corporate affiliates share information for marketing purposes?

Can employees bring a class action under the CCPA following a data breach?

Can non-California residents bring a class action under the CCPA following a data breach?

Do the terms “personal data,” and “personal information,” mean the same thing?

Does “personal information” include information that a business obtains from government records?

Does a company need to generate revenue in the United States in order for US privacy laws to apply?

Does an employer need to generate revenue in California in order for CCPA to apply?

Does an organization need to be “established” in the United States for US data privacy and security laws to apply?

Does the CCPA Allow an Individual Whose Email Address is Compromised Through a Data Breach to Recover Statutory Damages?

Does the CCPA allow an individual whose IP address is compromised through a data breach to recover statutory damages?

Does the CCPA Allow an Individual Whose Name is Compromised Through a Data Breach to Seek Statutory Damages?

Does the CCPA allow an individual whose work email address or business contact information is compromised through a data breach to bring a cause of action for damages?

Does the CCPA apply only to data about Californians?

Does the CCPA apply to employee data?

Does the CCPA apply to employee data?

Does the CCPA apply to information that has been de-identified?

Does the CCPA apply to non-profit employers?

Does the CCPA apply to non-profits?

Does the CCPA apply to personal data about non-Californians (e.g., Europeans)?

Does the CCPA define “personal information” differently for privacy and security purposes?

Does the CCPA impart the same requirements on businesses and service providers?

Does the CCPA incorporate the definition of “personal information” from other statutes?

Does the CCPA permit national class actions, or only state actions?

Does the CCPA require a cookie banner when a company uses first-party session cookies?

Does the CCPA require that a company allow consumers to opt-out (e.g., toggle off) analytics cookies?

Does the CCPA require that a company allow consumers to opt-out (e.g., toggle off) essential cookies?

Does the Term “Personal Information” Within the CCPA Mean the Same Thing as the Term “Personal Data” Within the GDPR?

Frequently Asked Questions Concerning Cookies and AdTech

How closely does Nevada’s new privacy law follow the CCPA?

How far can a company go to validate the identity of an individual making a data subject access request?

If a company collects personal information through a cookie, is it required to provide a consumer with a privacy policy?

If a company is based in California, will the CCPA apply to all data processed by the company?

If a company receives a data access request from an employee, will it have to share with them performance reviews and other notes and comments in their HR file that implicate other employees?

If a company receives a right to be forgotten request, does it have to delete the requestor’s IP address from its weblogs?

If a company that is not subject to the CCPA acquires a company that is subject to the CCPA, can the acquisition “infect” the data of the first company?

If a Service Provider has already agreed to a Data Processing Addendum that complies with the GDPR, is a business required to renegotiate the contract again for the CCPA?

If a website participates in behavioral advertising, does Nevada privacy law require that it disclose that it is “selling” consumers’ information?

If a website participates in behavioral advertising, does the CCPA require that it disclose that it is “selling” consumers’ information?

If an employer is based in California, will the CCPA requirements apply to all employee data held by the employer?

If I post a “do not sell my personal information” link on my website, and opt out those consumers that select it from receiving behavioral advertising cookies, have I complied with the CCPA?

Is a cookie considered “personal data?”

Is a service provider permitted to disclose personal information if it receives a civil subpoena or a discovery request?

Is a Service Provider Responsible if its Client Violates the CCPA?

Is an IP address considered “personal information” under the CCPA?

Is there an obligation to monitor service providers under the CCPA?

May an employer become subject to the CCPA because of a corporate transaction?

Nevada Beats California to the Punch – New Privacy Requirements To Take Effect in October

Under the CCPA, can a company send follow-up emails after hosting a trade show or conference?

What activities count as “processing?”

What are the different types of cookie banners?

What Does it Mean to “Do Business” in California?

What information is not “Personal Information” under the CCPA?

What is “personal Information?”

What is “personal information” under the CCPA?

What is a “consumer”?

What is the difference between a “first party cookie” and a “third party cookie”?

Will the CCPA lead websites to have EU-style cookie banners?