The challenge ahead – The CCPA’s anti discrimination clause

This is the tenth installment in Hogan Lovells’ series on the California Consumer Privacy Act.

One of the most controversial elements of the California Consumer Privacy Act (“CCPA”) is the establishment of an “anti-discrimination” right – businesses may not “discriminate” against consumers for exercising certain rights under the CCPA, and they will need to assess whether and how they can require consumers to accept certain data practices as a condition of service.  Compliance would be challenging even if the provision were articulated clearly, but as we have discussed in this blog series, the accelerated drafting process and passage of the CCPA earlier this year left little time for public comment and responsive amendments.  As a result, the law includes a series of ambiguities that complicate compliance, and nowhere is that more apparent than in the anti-discrimination provision.

This entry in Hogan Lovells’ ongoing series on the CCPA focuses on the law’s anti-discrimination clause, its ambiguities and potentially contradictory provisions, and impact on businesses.

1. The Prohibition on Discrimination

Section 1798.125 of the CCPA prohibits a business from discriminating against California consumers for exercising certain rights under the law.  Those rights include requests to access personal information, to delete information, and to opt out of the sale of personal information.

The statutory language specifies that discrimination includes, but is not limited to:

(a)   denying goods or services to consumers;

(b)   charging different prices or rates for goods or services, including through the use of discounts, benefits, or other penalties;

(c)   providing a different level or quality of goods or services; and

(d)   suggesting that a consumer will receive a different price or quality of goods or services if the consumer exercises rights under the law.

The CCPA provides certain exceptions to the general prohibition on discrimination.  Businesses may charge consumers different prices or offer different levels of service if the difference is “reasonably related to the value provided to the consumer by the consumer’s data.”  The CCPA also permits businesses to offer financial incentives—including payments to consumers as compensation for the collection, sale, or deletion of personal information—if the programs are not “unjust, unreasonable, coercive, or usurious in nature,” and if businesses notify consumers of these financial incentives, obtain opt in consent prior to enrolling a consumer in a financial incentive program, and provide consumers with the opportunity to revoke consent for such programs at any time.

The language suggests that the CCPA was intended to allow businesses to offer tiered pricing or service levels so long as the differences are reasonable or supported with affirmative consent.  However, as you delve deeper, the provisions for engaging in such activities require further analysis.

2. The Financial Incentive Provision is in Need of Further Clarification 

The CCPA generally prohibits discrimination against those who opt out of the sale of personal information or otherwise exercise a right under the law. But the law expressly allows businesses to offer reasonable financial incentive programs on an opt-in basis, as long as consumers can opt out and withdraw consent for such programs.

If a consumer opts out of a financial incentive program, they have exercised a right under the CCPA.  But can a business impose consequences for opting out of a financial incentive program to which a consumer has previously consented after being presented with the material terms of the program?

Looking at the statutory language, there is no clear answer.  Although the CCPA expressly supports financial incentive programs, there is a general prohibition on discriminating against consumers for exercising their CCPA rights.  So, the lawfulness of financial incentive programs may turn on whether the consequences of opting out are reasonable, as reasonableness is viewed under the CCPA.

3. The Challenge of Calculating the Value of the Data to the Consumer

Prohibited discrimination under the CCPA includes offering different prices, qualities of goods, or levels of service.  But businesses are permitted to offer different prices or levels of service, if the difference is “reasonably related to the value provided to the consumer by the consumer’s data.”  This leads to the question, “What is the value provided to the consumer by the consumer’s data?”

There is no single standard or process via which to measure the value of consumer data to each consumer.  Are businesses supposed to gauge the value of the data to a reasonable consumer?  Or must the value be assessed for each individual consumer?  The value of data to a consumer may be highly context-driven.  Absent clear guidance on how to calculate the value, businesses face a high degree of uncertainty.

Some have argued, including law professor Eric Goldman, that this language may have been a drafting error. And that a more appropriate measurement should be the value provided to the business, suggesting that discounts or incentives directly related to that value provided to the business would be permitted. If the law were written this way, it would preserve commonly used discounting programs.

4. The Practical Impacts on Businesses’ Data Sharing Relationships

As discussed in our previous post, in light of the broad definition of “sale,” consumers’ right to opt out of the sale of their personal information could disrupt many existing data sharing relationships.  Businesses or affiliates exchanging data about their mutual customers, even as part of a broader relationship, could potentially be viewed as engaging in a “sale” if it could be viewed as in exchange for “other valuable consideration.”  Such “sale” transfers would therefore be subject to consumer opt out.  And this broadly framed right to opt out of the sale of personal information, combined with the anti-discrimination provision, has the potential to significantly impact data-supported business models.

For example, a consumer could sign up for a free or discounted ad-supported version of a service and then opt out from the business’s provision of their personal data to the advertisers that make the service financially viable.  But if a consumer opts out of the sale of his or her data, the CCPA’s anti-discrimination clause may prohibit the business from taking certain actions in response.  And some responses would be permitted only if the difference in the level of service provided was “reasonably related to the value provided to the consumer by the consumer’s data.”  As noted above, businesses are currently left wondering what that standard means and how to implement it.

5. The Anti-Discrimination Clause in Employment and the Workplace

In the context of employment, as discussed in our previous post, there is still uncertainty as to whether the California legislature intended for the CCPA to apply to employee and HR data.  Employers collect personal information from employees as a necessary part of doing business.

If the CCPA does apply to employee data, employers will have to assess how they can best engage in routine data practices while respecting CCPA rights, particularly as the rights seem designed for traditional consumers.  For example, many employers share employee personal information with their affiliates, in some cases for compliance or investigation functions.


The CCPA’s anti-discrimination provisions limit businesses’ ability to deny services, charge different prices, or offer different qualities of services to consumers who exercise their rights under the law. The drafters allowed for businesses to offer financial incentives for data practices but did not define the term “financial incentives” or more clearly lay out the conditions under which they may be allowed as compensation for the collection, sale, or deletion of personal information.  And while the CCPA may be amended during the next legislative session to address its ambiguities and potential contradictions, businesses facing the challenge of CCPA compliance in the coming years will need to proactively assess and develop reasonable approaches to understanding data collection, use, and differential pricing practices for the goods and services offered to consumers.



Jonathan Hirsch, a Law Clerk in our Washington D.C. office, contributed to this entry.

Authored by Mark Brennan, James Denvil and Shee Shee Jin.



This website is operated by Hogan Lovells Solutions Limited, whose registered office is at 21 Holborn Viaduct, London, United Kingdom, EC1A 2DY. Hogan Lovells Solutions Limited is a wholly-owned subsidiary of Hogan Lovells International LLP but is not itself a law firm. For further details of Hogan Lovells Solutions Limited and the international legal practice that comprises Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses ("Hogan Lovells"), please see our Legal Notices page. © 2022 Hogan Lovells.

Attorney advertising. Prior results do not guarantee a similar outcome.