In re Thai

Plain English (For Everyone)

Imagine a store that's supposed to have a clear sign telling you if they sell your shopping habits to others. This case says that even if the store didn't mean to hide the sign, if it wasn't clearly visible, they still broke the rule. The court looked at what the store knew about the rules, not just if they intended to break them, to decide if they 'knowingly' violated the law.

For Legal Practitioners

The appellate court affirmed that a 'knowing' violation of the CCPA, specifically the failure to provide a 'Do Not Sell' link, does not require intent to violate the law. The court focused on the defendant's awareness of CCPA requirements, evidenced by internal policies and employee testimony, to establish knowledge. This ruling lowers the bar for proving 'knowing' violations and underscores the need for robust, proactive compliance programs rather than relying on a defense of unintentional oversight.

For Law Students

This case tests the definition of 'knowing' violation under the CCPA. The court held that awareness of the law's requirements, even without intent to violate it, suffices. This fits into the broader doctrine of statutory interpretation regarding mens rea in civil regulatory statutes. An exam issue could be distinguishing 'knowing' from 'intentional' violations and applying this standard to other CCPA provisions or similar privacy laws.

Newsroom Summary

A California appeals court ruled that businesses can be found to have 'knowingly' violated the state's privacy law, the CCPA, even if they didn't intend to. The decision focused on whether the company understood its obligations, not whether it meant to break the rules, impacting how businesses must comply with privacy regulations.

Constitutional Issues

Right to access public records under state law.

Rule Statements

"The purpose of the CPRA is to open governmental records to the public, consistent with the need for the government to perform its duties efficiently and effectively."

"An agency seeking to withhold records under an exemption bears the burden of proving that the exemption applies."

"To justify withholding records under the preliminary draft exemption, the agency must show that the documents were not retained in the ordinary course of business."

Remedies

Reversal of the superior court's denial of the writ of mandate.Remand to the superior court with directions to issue a writ of mandate compelling the County to disclose the identified records, subject to any applicable exemptions that the County can properly demonstrate.

Parties

• In re Thai (party)

Scenario: You're browsing an online store and want to stop them from selling your personal data. You look for a 'Do Not Sell My Personal Information' link, but it's hard to find or missing entirely.

Your Rights: You have the right to easily find and click a 'Do Not Sell My Personal Information' link on websites that sell your data. If it's not there or is hidden, the business may have violated your rights under the CCPA.

What To Do: If you encounter a website that doesn't clearly provide a 'Do Not Sell' link, you can file a complaint with the California Attorney General's office or the California Privacy Protection Agency. You may also have grounds to sue the business directly for statutory damages if the violation is 'knowing'.

Is it legal for a business to not provide a 'Do Not Sell My Personal Information' link if they sell my data?

No, it is generally not legal for businesses operating in California that sell personal information to consumers to fail to provide a clear and conspicuous link titled 'Do Not Sell My Personal Information' or a similar statement. This ruling clarifies that even if the failure to provide the link was unintentional, if the business knew about the CCPA's requirements, it can be considered a 'knowing' violation.

This ruling specifically applies to the California Consumer Privacy Act (CCPA) and therefore primarily affects businesses that collect personal information from California residents and engage in the sale of that information.

For Online businesses operating in California

Businesses must ensure their 'Do Not Sell My Personal Information' links are not only present but also conspicuous and easily accessible to consumers. Proactive compliance and robust internal policies are crucial, as ignorance of the specific violation is no longer a strong defense against 'knowing' violations.

For Consumers in California

Consumers have a clearer path to asserting their right to opt-out of the sale of their personal information. This ruling strengthens their ability to hold businesses accountable for failing to provide the required opt-out mechanisms, even if the business claims the oversight was unintentional.

Q: What is In re Thai about?

In re Thai is a case decided by California Court of Appeal on January 13, 2026.

Q: What court decided In re Thai?

In re Thai was decided by the California Court of Appeal, which is part of the CA state court system. This is a state appellate court.

Q: When was In re Thai decided?

In re Thai was decided on January 13, 2026.

Q: What is the citation for In re Thai?

The citation for In re Thai is . Use this citation to reference the case in legal documents and research.

Q: What is the case name and what court decided it?

The case is In re Thai, and it was decided by the California Court of Appeal, Third Appellate District (calctapp). This appellate court reviewed a decision made by a lower trial court regarding alleged violations of the California Consumer Privacy Act (CCPA).

Q: Who were the parties involved in the In re Thai case?

While the case is styled 'In re Thai,' the primary parties involved were the California Attorney General, who initiated the action, and the defendant, a business that allegedly violated the CCPA. The specific business entity is not explicitly named in the provided summary but is referred to as the 'defendant.'

Q: What specific law was at issue in the In re Thai case?

The central law at issue in In re Thai was the California Consumer Privacy Act (CCPA). The case specifically focused on the CCPA's requirement for businesses to provide a clear and conspicuous link on their website titled 'Do Not Sell My Personal Information.'

Q: What was the core dispute in the In re Thai case?

The core dispute in In re Thai revolved around whether the defendant business committed a 'knowing' violation of the CCPA by failing to include the mandatory 'Do Not Sell My Personal Information' link on its website. The Attorney General alleged a violation, and the defendant contested the 'knowing' nature of the violation.

Q: What was the outcome of the In re Thai case at the appellate level?

The appellate court affirmed the trial court's decision, ruling in favor of the California Attorney General. The court held that the defendant's failure to provide the 'Do Not Sell My Personal Information' link constituted a 'knowing' violation of the CCPA.

Q: Is In re Thai published?

In re Thai is a published, precedential opinion. Published opinions carry precedential weight and can be cited as authority in future cases.

Q: What was the ruling in In re Thai?

The court ruled in favor of the defendant in In re Thai. Key holdings: The court held that a "knowing" violation of the CCPA does not require intent to violate the law, but rather knowledge of the facts that constitute the violation. This interpretation is based on the plain language of the statute and its legislative intent.; The court found sufficient evidence that the defendant "knew" it was selling personal information and was aware of the CCPA's requirements regarding the "Do Not Sell" link, even if the failure to provide the link was an oversight.; The court rejected the defendant's argument that the CCPA's "safe harbor" provision applied, as the defendant did not demonstrate good-faith efforts to comply with the law prior to the alleged violation.; The court affirmed the trial court's decision to award statutory damages under the CCPA, finding that the defendant's "knowing" violation justified the imposition of penalties.; The court clarified that the CCPA's "knowingly" standard is met when a business is aware of the conduct that constitutes the violation, not necessarily that the conduct itself is illegal..

Q: Why is In re Thai important?

In re Thai has an impact score of 75/100, indicating significant legal impact. This decision provides critical clarity on the "knowing violation" standard under the CCPA, indicating that businesses cannot escape liability by claiming ignorance of the law's specific requirements if they are aware of the underlying facts constituting the violation. It serves as a strong reminder for all businesses handling personal information to implement comprehensive compliance strategies and proactively address data privacy obligations.

Q: What precedent does In re Thai set?

In re Thai established the following key holdings: (1) The court held that a "knowing" violation of the CCPA does not require intent to violate the law, but rather knowledge of the facts that constitute the violation. This interpretation is based on the plain language of the statute and its legislative intent. (2) The court found sufficient evidence that the defendant "knew" it was selling personal information and was aware of the CCPA's requirements regarding the "Do Not Sell" link, even if the failure to provide the link was an oversight. (3) The court rejected the defendant's argument that the CCPA's "safe harbor" provision applied, as the defendant did not demonstrate good-faith efforts to comply with the law prior to the alleged violation. (4) The court affirmed the trial court's decision to award statutory damages under the CCPA, finding that the defendant's "knowing" violation justified the imposition of penalties. (5) The court clarified that the CCPA's "knowingly" standard is met when a business is aware of the conduct that constitutes the violation, not necessarily that the conduct itself is illegal.

Q: What are the key holdings in In re Thai?

1. The court held that a "knowing" violation of the CCPA does not require intent to violate the law, but rather knowledge of the facts that constitute the violation. This interpretation is based on the plain language of the statute and its legislative intent. 2. The court found sufficient evidence that the defendant "knew" it was selling personal information and was aware of the CCPA's requirements regarding the "Do Not Sell" link, even if the failure to provide the link was an oversight. 3. The court rejected the defendant's argument that the CCPA's "safe harbor" provision applied, as the defendant did not demonstrate good-faith efforts to comply with the law prior to the alleged violation. 4. The court affirmed the trial court's decision to award statutory damages under the CCPA, finding that the defendant's "knowing" violation justified the imposition of penalties. 5. The court clarified that the CCPA's "knowingly" standard is met when a business is aware of the conduct that constitutes the violation, not necessarily that the conduct itself is illegal.

Q: What cases are related to In re Thai?

Precedent cases cited or related to In re Thai: Cal. Civ. Code § 1798.150; Cal. Civ. Code § 1798.199.80; Cal. Civ. Code § 1798.140(ad); Cal. Civ. Code § 1798.150(b).

Q: What does the appellate court's decision in In re Thai mean for the definition of a 'knowing' violation under the CCPA?

The appellate court in In re Thai clarified that a 'knowing' violation of the CCPA does not require intent to violate the law. Instead, it means the business was aware of the facts that constituted the violation, even if the violation itself was unintentional. The court found the defendant's awareness of CCPA requirements, demonstrated by internal policies and testimony, met this standard.

Q: What specific CCPA requirement did the defendant in In re Thai fail to meet?

The defendant in In re Thai failed to meet the CCPA's requirement to include a 'Do Not Sell My Personal Information' link on its website. This link is crucial for consumers to exercise their right to opt-out of the sale of their personal information.

Q: How did the court in In re Thai interpret the term 'knowing' in the context of CCPA violations?

The court in In re Thai interpreted 'knowing' to mean that the business understood the facts that constituted the violation, not necessarily that it intended to break the law. Evidence of the defendant's internal policies and the testimony of its privacy officer showed awareness of the CCPA's existence and requirements, thus satisfying the 'knowing' element.

Q: What evidence did the court consider to determine if the violation was 'knowing' in In re Thai?

The court considered the defendant's internal policies related to privacy and compliance, as well as the testimony provided by its own privacy officer. This evidence demonstrated that the company was aware of the CCPA's existence and its obligations under the law, even if they missed the specific requirement for the 'Do Not Sell' link.

Q: Did the court in In re Thai find that the defendant intentionally violated the CCPA?

No, the court in In re Thai did not find that the defendant intentionally violated the CCPA. Instead, the court focused on whether the violation was 'knowing,' meaning the defendant was aware of the facts that constituted the violation, such as the existence of the CCPA and its requirements, regardless of intent.

Q: What is the legal standard for 'knowing' violations under the CCPA as clarified by In re Thai?

The In re Thai case clarified that the legal standard for a 'knowing' violation under the CCPA requires proof that the business was aware of the facts giving rise to the violation. This awareness can be demonstrated through internal policies, employee knowledge, or other evidence showing comprehension of the relevant legal obligations, even without specific intent to violate the law.

Q: What precedent or legal principles did the court rely on in In re Thai?

While the summary doesn't detail specific prior cases, the court's reasoning in In re Thai relies on the statutory interpretation of the CCPA, particularly the definition of 'knowing' violation. The court applied principles of statutory construction to determine the legislature's intent regarding accountability for privacy law breaches.

Q: Does the ruling in In re Thai mean businesses can't claim ignorance of the CCPA?

The ruling in In re Thai suggests that businesses cannot easily claim ignorance of the CCPA, especially if they have internal policies or personnel aware of its requirements. The court's focus on the 'knowing' standard implies that a reasonable level of diligence and awareness of applicable laws is expected.

Q: How does In re Thai affect me?

This decision provides critical clarity on the "knowing violation" standard under the CCPA, indicating that businesses cannot escape liability by claiming ignorance of the law's specific requirements if they are aware of the underlying facts constituting the violation. It serves as a strong reminder for all businesses handling personal information to implement comprehensive compliance strategies and proactively address data privacy obligations. As a decision from a state appellate court, its reach is limited to the state jurisdiction. This case is moderate in legal complexity to understand.

Q: What are the practical implications of the In re Thai decision for businesses operating in California?

The practical implication of In re Thai is that businesses must ensure they are not only aware of the CCPA's requirements but also actively implementing them. This includes prominently displaying the 'Do Not Sell My Personal Information' link and understanding that even unintentional omissions can lead to penalties if the business was aware of the obligation.

Q: Who is most affected by the In re Thai ruling?

Businesses that collect and sell personal information of California consumers are most directly affected by the In re Thai ruling. This includes a wide range of companies, from online retailers to data brokers, who must now be particularly diligent in their CCPA compliance efforts.

Q: What changes should businesses make to their compliance strategies after In re Thai?

Following In re Thai, businesses should review and update their CCPA compliance strategies to ensure the 'Do Not Sell My Personal Information' link is clearly visible and functional. They should also enhance internal training and policy enforcement to confirm all employees understand and adhere to CCPA mandates.

Q: Does the In re Thai decision impact small businesses differently than large corporations?

The CCPA, and by extension the In re Thai ruling, applies to businesses meeting certain thresholds, including revenue and data processing volume. While the core legal standard remains the same, the resources available to large corporations might make compliance easier, but all covered businesses face the same 'knowing' violation standard.

Q: What are the potential penalties for businesses found to have 'knowing' CCPA violations like in In re Thai?

The summary does not specify the exact penalties imposed in In re Thai. However, the CCPA generally allows for statutory damages for consumers and civil penalties sought by the Attorney General, which can be significant, particularly for 'knowing' violations.

Q: How does the In re Thai ruling fit into the broader history of privacy law in California?

The In re Thai ruling is a significant development in the history of privacy law in California, representing one of the first appellate interpretations of 'knowing' violations under the CCPA. It reinforces the state's commitment to consumer privacy rights established by the CCPA, building upon earlier privacy initiatives.

Q: How does the CCPA, and the In re Thai interpretation, compare to federal privacy laws?

The CCPA, as interpreted in In re Thai, provides consumers with rights like the 'Do Not Sell' option that are more comprehensive than many existing federal privacy laws, which are often sector-specific. The CCPA's broad applicability and focus on data sales create a distinct regulatory landscape compared to federal statutes.

Q: What legal doctrines or principles existed before the CCPA that In re Thai builds upon?

Before the CCPA, California had various privacy protections, often focused on specific types of data or industries. The CCPA, and subsequent interpretations like In re Thai, represent a more consolidated and expansive approach to consumer data privacy, building on the general principles of data protection and consumer rights.

Q: What was the docket number in In re Thai?

The docket number for In re Thai is A170701M. This identifier is used to track the case through the court system.

Q: Can In re Thai be appealed?

Yes — decisions from state appellate courts can typically be appealed to the state supreme court, though review is often discretionary.

Q: How did the In re Thai case reach the California Court of Appeal?

The case reached the California Court of Appeal because the defendant likely appealed the trial court's decision after it was found to have committed a 'knowing' violation of the CCPA. The appellate court's role was to review the trial court's findings and legal conclusions for errors.

Q: What procedural issue was central to the appellate court's review in In re Thai?

The central procedural issue reviewed by the appellate court in In re Thai was the trial court's determination that the defendant's actions constituted a 'knowing' violation of the CCPA. The appellate court examined whether the trial court correctly applied the legal standard for 'knowing' violations based on the evidence presented.

Q: Did the appellate court in In re Thai re-examine the facts of the case or just the legal interpretation?

The appellate court in In re Thai primarily reviewed the legal interpretation of 'knowing' violation under the CCPA, based on the facts established by the trial court. While they considered the evidence presented (internal policies, testimony), their focus was on whether the trial court correctly applied the law to those facts, rather than re-trying the factual dispute.

Q: What is the significance of the appellate court affirming the trial court's decision in In re Thai?

The significance of the appellate court affirming the trial court's decision in In re Thai is that it validates the lower court's finding and strengthens the precedent for how 'knowing' CCPA violations are assessed. It signals that businesses must take proactive steps to comply, as awareness of the law's existence can be sufficient for liability.