Home Data-Driven Thinking The California Data Broker Registry’s Growing Significance For Ad Tech
OPINION: Data-Driven Thinking

The California Data Broker Registry’s Growing Significance For Ad Tech

By AdExchanger

SHARE:

Richard Eisert headshotData-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Richard Eisert, partner at Davis & Gilbert.

The California attorney general just released a final version of the regulations implementing the California Consumer Privacy Act (CCPA), and CCPA enforcement is still slated to begin on July 1. Before being finalized, the regulations were revised twice. The last round of revisions were adopted wholesale in the final regulations, which remain the only guidance provided by the attorney general on how the CCPA will be enforced.

Although it has received surprisingly little attention, the final regulations leave intact one of the most impactful changes for the ad tech ecosystem. This change – made when the draft regulations were revised earlier in the year – relates to how companies can “sell” personal information that they did not collect from consumers directly. The language in the final regulations is far from clear, and how the attorney general will answer this question will have major implications for the digital advertising landscape since it will determine how downstream participants who receive personal information from others can carry out media buys involving targeted ads.

In the now-final regulations, businesses that indirectly collect personal information from consumers may only “sell” onward that personal information without providing a pre-collection notice to consumers if they are registered as “data brokers” under California’s new data broker law. This highlights the rising importance of the data broker registry but creates new challenges for companies that have not yet registered as data brokers.

Pre-collection notice exemption

The CCPA requires businesses that collect a consumer’s personal information to provide a notice to the consumer at or before the point of collection. Since “collection” is broadly defined, some interpreted this requirement to apply even if the personal information is not collected directly from the consumer.

The initial draft regulations exempted businesses that did not collect personal information directly from consumers (who we will refer to as “intermediaries”) from providing pre-collection notices. But before selling the consumer’s information, they were required to either contact the consumers directly with a chance to opt out of the sale or obtain signed written proof from the source of the information describing how the pre-collection notice was given.

The final regulations do away with these steps. Instead, the regulations state that an intermediary need not provide pre-collection notice if it (1) does not sell that information or (2) is registered as a data broker with the attorney general and includes a link in its data broker registration to its privacy policy, if such policy explains how a consumer can submit an opt-out request.

Who is a data broker?

Under California law, businesses that knowingly collect and sell to third parties the personal information of consumers with whom the business does not have a direct relationship are data brokers that must register with the attorney general.

Although what constitutes a “direct relationship” is never defined, the data broker law provides examples of forging direct relationships, such as “by visiting a business’ premises or internet website, or by affirmatively and intentionally interacting with a business’ online advertisements,” with the key being the consumer’s knowledge about and control over the business’ data collection practices.

As defined, data brokers arguably could include many ad tech vendors and other participants in the targeted-ad buying process, since they do not have direct relationships with consumers yet may receive consumer personal information. Certain intermediaries that never receive or have access to personal information may argue that they do not sell personal information or need to register. These entities still must be mindful of the requirements of the regulations and perform due diligence to ensure that any organizations they work with that play a more direct role in collecting and selling personal information are registered as “data brokers.”

No clear answers

Although the language in the final regulations leaves intact the changes to the pre-collection notice exemption, the attorney general will need to clarify which downstream participants in the online advertising industry need to register as data brokers. While businesses engaging in targeted advertising may choose to register despite the lack of clarity, there are downsides to doing so, including the increased exposure of being listed on the registry. As a result, many businesses seem to be taking a wait-and-see approach.

As with other unclear CCPA requirements, businesses will need to assess their role in processing personal information – while simultaneously assessing the role of everyone they work with – and determine their appetite for risk and available means to mitigate that risk.

Follow Davis & Gilbert (@dglaw) and AdExchanger (@adexchanger) on Twitter.

Tagged in:

Must Read

CTV roundup

How AI Can Enhance Content Without Generating It

As much as consumers complain about AI-generated content, advertising experts say AI still has an important place in video creation and production, including for ads. But using AI in content without turning off consumers is a tricky dance.

Marketers

How Tovala Banks On Subscriptions And Incrementality – But Not Ads – To Profit From Its Oven

Smart TVs, refrigerators and other home appliances may pester you with marketing, but at least the hardware is cheap. Another startup taking a different approach to the same theory is Tovala, which was founded in 2015 and combines a standalone countertop oven with a weekly meal kit subscription.

Marketers

Shopify Wades Deeper Into Advertising, But Not Ad Tech

Shopify is slowly but surely making its way into the ads business. But the ecommerce leader maintains its laissez-faire approach to ad monetization.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
CTV

Advertisers Say They Need More Data From Netflix

Netflix touts sharper targeting, but buyers say its black-box approach – especially the lack of usable IP data – is blunting measurement and quietly pushing performance-driven spend elsewhere.

CTV

Walmart Buys Vibe.co To Woo SMBs To Streaming

Walmart will buy Vibe.co, a self-serve video ad platform, in hopes of attracting more small and medium-sized advertisers to connected TV.

OpenAI's debut in Cannes
ChatGPT ads

At Its First-Ever Cannes, OpenAI Says ‘We Are Clearly In The Advertising Business Now’

Bonjour, ChatGPT ads. OpenAI’s inaugural Cannes Lions appearance doubled as a coming‑out party for its baby ad business.

Popular

  1. CTV

    Walmart Buys Vibe.co To Woo SMBs To Streaming

    Walmart will buy Vibe.co, a self-serve video ad platform, in hopes of attracting more small and medium-sized advertisers to connected TV.

  2. Comic: Overfrequency
    CTV

    Omnicom Can Now Measure Ad Frequency Across Multiple CTV Platforms

    For the first time, Omnicom can directly compare ad frequency and performance across multiple major streamers, which typically prefer to keep data locked inside their walled gardens.

  3. OpenAI's debut in Cannes
    ChatGPT ads

    At Its First-Ever Cannes, OpenAI Says ‘We Are Clearly In The Advertising Business Now’

    Bonjour, ChatGPT ads. OpenAI’s inaugural Cannes Lions appearance doubled as a coming‑out party for its baby ad business.

  4. CTV

    Inside The Trade Desk’s Pitch For Ventura TV OS

    The Trade Desk is muscling its way into the TV operating system business with its Ventura OS – but the real story isn’t the product itself. It’s what TTD’s ambitions reveal about conflicts of interest within the industry and the inherent mismatch between consumer and advertiser needs.

  5. Sounds of nature. Musical notes scattered above rolling ocean waves on sandy beach
    Cannes Lions 2026

    Cannes-terview: Why Audio Ad Spend Still Lags, According To Spotify’s VP Of Product

    Not unlike gaming, audio commands time and attention, but the ad dollars haven’t caught up. It’s a head-scratcher, says Spotify’s Per Sandell.