The Mozilla Corporation sharing user metadata with the Mozilla Foundation to assist with internal decision making may technically meet California's definition of "sale of data" despite constituting absolutely nothing even vaguely resembling what laypeople would consider a "sale of data".
Note that the CCPA's "third party" clause is part of an "OR" set, alongside "another business". Mozilla Foundation and Mozilla Corporation are respectively "another business" relative to each one's self, despite not being unrelated third parties.
The problem is not that Mozilla is actually selling user data (they're not in the sense that any layperson would understand "selling data" to mean), the problem is the way the California law is worded.
As usual, tech-illiterate politicians aren't even competent enough to write laws with the nuance and understanding required to not botch the entirely good and justified intention without pointing a loaded legal gun at the heads of the genuinely innocent. Think along the lines of the CFAA's legal risks to good-faith security researchers¹, or how the DMCA would technically criminalize discussion of how to decode Pig Latin if that was used as a copyrighted media protection technique.
It appears you are trying to explain why CCPA's does not meet the laypersons definition of "selling data". After reading your explanation I'm none the wiser. Given no one has replied, I suspect that's true for most people. They've just scratched their head and moved on.
I was about to do that too, when it dawned you probably have no idea people don't understand what you are saying. Maybe an example would help. Its needs top be something a layman would not consider to be "selling data" but the CCPA defines that way.
The Mozilla Corporation sharing user metadata with the Mozilla Foundation to assist with internal decision making may technically meet California's definition of "sale of data" despite constituting absolutely nothing even vaguely resembling what laypeople would consider a "sale of data".
Note that the CCPA's "third party" clause is part of an "OR" set, alongside "another business". Mozilla Foundation and Mozilla Corporation are respectively "another business" relative to each one's self, despite not being unrelated third parties.
The problem is not that Mozilla is actually selling user data (they're not in the sense that any layperson would understand "selling data" to mean), the problem is the way the California law is worded.
As usual, tech-illiterate politicians aren't even competent enough to write laws with the nuance and understanding required to not botch the entirely good and justified intention without pointing a loaded legal gun at the heads of the genuinely innocent. Think along the lines of the CFAA's legal risks to good-faith security researchers¹, or how the DMCA would technically criminalize discussion of how to decode Pig Latin if that was used as a copyrighted media protection technique.
¹ At least up until the Biden administration instructed the DoJ to be more sane and reasonable about this: https://www.justice.gov/archives/opa/pr/department-justice-a...