Privacy Law
California Privacy Legislation Summary
By: Kewa Jiang
As 2024 begins, we look back on the year 2023’s legislative session and the four privacy legislation that wound their way through the Assembly and Senate. On July 14, 2023, the California Privacy Protection Agency (CPPA) unanimously voted to show their support for all four legislation because each “supports the CPPA’s mission of protecting the privacy rights of Californians.” Below is a brief summary of each legislation and their status.
AB 947: Amend California Consumer Privacy Act of 2018 – Sensitive Personal Information
Status: Approve by Governor
The California Consumer Privacy Act of 2018 currently defines consumers’ “sensitive personal information” as personally identifying information, such as driver’s license or passport, financial information, racial or ethnic origin, religious or philosophical beliefs, or union membership. AB 947 aims to expand the current definition to include protection of consumers’ citizenship or immigration status.
AB 1546: Amend California Consumer Privacy Act of 2018 -Statute of Limitations
Status: Passed
Currently the California Attorney General’s office has a 1 year statute of limitation to bring enforcement action after the cause of action accrued. AB 1546 would extend the AG office’s statute of limitation to 5 years, which aligns it with the statute of limitation under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (CPRA).
AB 1194: Amend California Privacy Rights Act of 2020 -Exempt Abortion Services
Status: Approve by Governor
AB 1194, introduced by Assemblymember Wendy Carrillo, would subject any consumers’ personal information related to “accessing, procuring, or searching for services regarding contraception, pregnancy care, and perinatal care, including, but not limited to, abortion services” to the protection of the CPRA. Currently, under CPRA such information is exempt from the Act’s protection. Assemblymember Carrillo explained the bill will close a loophole and “will ensure that the right to privacy when one is making personal healthcare decisions is never subject to unwanted scrutiny.”
SB 362: Amend Data Broker Registration -Accessible Deletion Mechanism (Delete Act)
Status: Approve by Governor
SB 362, introduced by California Senator Josh Becker, would amend the Data Broker Registration passed in 2020. Senator Becker explained that “The Delete Act is based on a very simple premise: Every Californian should be able to control who has access to their personal information and what they can do with it.”
SB 362 seeks to transfer administrative and rulemaking power to the California Privacy Protection Agency from the Department of Justice.
In addition, the bill seeks to require an accessible deletion mechanism that would allow consumers to “request that every data broker that maintains any personal information delete any personal information related to that consumer held by the data broker or associated service provider or contractor.” The bill would also require data brokers to delete any information regarding the consumer every 31 days and prevent the sale or sharing of new personal information collected about the consumer. Data brokers would be subject to an audit every three years. If the data broker fails to comply with consumer requests, the Agency will assess a fee, which will be added to the Data Brokers’ Registry Fund.
Looking Ahead
California joins numerous states in the 2023 legislative session working towards greater reproductive health and consumer privacy protection.