The CCPA has dramatically changed how companies must think of data collection and disclosure by using a definition of “personal information” that goes far beyond its conventional meaning and creating a concept of “sale” of information that captures many online exchanges of information that were previously—in the United States anyway—thought to be unimportant. This session will discuss, with examples, the different technologies used to disclose data directly to third parties and which are within the scope of the CCPA: browser cookies, HTML5 localStorage, IndexedDB, mobile device IDs, advertising IDs, and others. The session will identify how to think about third parties; identify which kinds of entities will be considered service providers under CCPA and which kinds won’t; and considerations for adjusting legal relationships or technical features to reduce risk. The goal will be to arm attendees with knowledge and ideas with which to engage their technical and dev teams when striving for CCPA compliance.
Steven B. Roosa, Head of NRF Digital Analytics and Technology Assessment Platform, Norton Rose Fulbright