>> Sec. 1355.01.(J) [...] "Personal data" does not include [...]
(2) Pseudonymized, deidentified, or aggregate data. [...]
Because ad-tech at large doesn't care about actually identifying an individual as long as they can engage with it. Example: Facebook provides access to large amounts of "pseudonymized" data to the SCL group, who runs their own analysis resulting in a map of pseudonym->propaganda. They then pay FB to engage the users based on that.
I am not a lawyer, but this case seems to not fall under OPPA, because everyone can argue that they did not share personal data. So the user has no right to be informed about their "pseudonymized data" being processed by the SCL group for the purpose of feeding them propaganda.
Similar case is google analytics. A webapp sets 'anonymize_ip: true' and avoids pushing the consumers name and postal address in the data layer and can then argue the collection of tracking data by the third party affiliate google is pseudonymized. Nevermind that google doesn't actually care about the consumers address as long as they can create a profile for the pseudonym.
The european unions GDPR has a chapter on profiling, which OPPA has not.
>> Sec. 1355.01.(J) [...] "Personal data" does not include [...] (2) Pseudonymized, deidentified, or aggregate data. [...]
Because ad-tech at large doesn't care about actually identifying an individual as long as they can engage with it. Example: Facebook provides access to large amounts of "pseudonymized" data to the SCL group, who runs their own analysis resulting in a map of pseudonym->propaganda. They then pay FB to engage the users based on that.
I am not a lawyer, but this case seems to not fall under OPPA, because everyone can argue that they did not share personal data. So the user has no right to be informed about their "pseudonymized data" being processed by the SCL group for the purpose of feeding them propaganda.
Similar case is google analytics. A webapp sets 'anonymize_ip: true' and avoids pushing the consumers name and postal address in the data layer and can then argue the collection of tracking data by the third party affiliate google is pseudonymized. Nevermind that google doesn't actually care about the consumers address as long as they can create a profile for the pseudonym.
The european unions GDPR has a chapter on profiling, which OPPA has not.