The California Attorney General unveiled its data broker registry on Monday. On or before January 31st, companies qualifying as a “data broker” based on the prior year’s activities are required to register their name and contact information with the Attorney General and may provide a statement concerning their data collection practices. A list of “data brokers” will be published for public inspection.
California law defines a business as a “data broker” when it “knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.” That definition is considerably broader than the definition of a “data broker” under Vermont’s now year-old registration requirement.
After registering for an account, a user on the Attorney General’s website can submit a registration of a data broker. The registration page includes the following fields:
- Data broker name
- Email address
- Website URL
- Address, City, State & Zip Code
- A description of how a consumer may opt out of sale or submit requests under the CCPA.
- A description of how a protected individual can demand deletion of information posted online under Gov. Code 6208.1(b) or 6254.21(c)(1). These code sections relate to legal protections for government officials and victims of domestic violence, sexual assault, and stalking who would like their personal contact information removed from being posted publicly on the internet.
- Additional information about data collecting practices.
In an emergency regulation approved on December 18, 2019, the California Department of Justice set the initial registration fee at $360. The fee is based on an assumption that 1,000 data brokers will register, splitting almost evenly the $360,972 estimated costs of setting up the registration website. By comparison, only 165 data brokers are listed in the Vermont data broker registry.