Enter your email address and we'll send you a link you can use to pick a new password.

If you no longer have access to the email inbox for your username, enter it here. If you have a recovery email on your account we'll send instructions to that email to change your username.

If you do not have a recovery email, contact [email protected]

arrow-downarrow-leftarrow-rightarrow-upbiocircleclosedownloadfacebookgplus instagram linkedinmailmenuphoneplaysearchsharespinnertwitteryoutube

CCPA, CPRA’s Hidden ‘Third Party Business’ Classification

CCPA, CPRA’s hidden 'third party business' classification

By now, we all know an organization can be a “business,” “service provider” or “third party” under the California Consumer Privacy Act. However, the questions of what a “third party” is and whether it is a mutually exclusive classification from “business” (or, to a lesser extent, “service provider”) still elicits widely divergent responses. And even if the California Privacy Rights Act passes Nov. 3, these questions will remain relevant.

We seek to demystify this classification conundrum by explaining that your organization is a “third party” whenever it receives personal information from another organization (unless your organization is receiving it in a “service provider” or similar capacity, as discussed in this article).

Read the Full Article on IAPP.org


Michael Hahn
Executive Vice President, General Counsel
at IAB & IAB Tech Lab

Sundeep Kapur
at Paul Hastings LLP