There was an unexpected error authorizing you. Please try again.
arrow-downarrow-leftarrow-rightarrow-upbiocircleclosedownloadfacebookgplus instagram linkedinmailmenuphoneplaysearchsharespinnertwitteryoutube

CCPA, CPRA’s Hidden ‘Third Party Business’ Classification

CCPA, CPRA’s hidden 'third party business' classification

By now, we all know an organization can be a “business,” “service provider” or “third party” under the California Consumer Privacy Act. However, the questions of what a “third party” is and whether it is a mutually exclusive classification from “business” (or, to a lesser extent, “service provider”) still elicits widely divergent responses. And even if the California Privacy Rights Act passes Nov. 3, these questions will remain relevant.

We seek to demystify this classification conundrum by explaining that your organization is a “third party” whenever it receives personal information from another organization (unless your organization is receiving it in a “service provider” or similar capacity, as discussed in this article).

Read the Full Article on


Michael Hahn
Executive Vice President, General Counsel
at IAB & IAB Tech Lab

Sundeep Kapur
at Paul Hastings LLP