How Does California Define a Data Broker?

Home » How Does California Define a Data Broker?

Under the California Delete Act and related provisions of the California Consumer Privacy Act, a “data broker” is generally defined as a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.

The definition focuses on two primary elements:

No direct relationship with the consumer, and
Sale of personal information to third parties.

A “direct relationship” typically means the consumer intentionally interacts with the business – for example, by purchasing a product, creating an account, subscribing to a service, or otherwise knowingly providing information directly to the company.

Businesses that obtain personal information from third-party sources and then sell, license, or otherwise make that information commercially available may fall within California’s statutory definition.

California’s framework also includes specific exclusions and cross-references to broader CCPA definitions. Because the state imposes enhanced registration, deletion, and documentation obligations – including participation in the centralized deletion mechanism – organizations should conduct and document a formal California-specific applicability analysis.

For detailed implementation guidance, workflow templates, and regulator-ready documentation tools, visit the CLIClaw Data Broker Compliance Library.