Four More Privacy Bills (AB-25, AB-846, AB-873 & AB-1416) Added to CA Senate Judiciary Hearing

Four more CCPA Amendments have been added to the agenda for the California State Senate Judiciary Committee hearing on Tuesday. AB-25 (employee data), AB-846 (loyalty programs), AB-873 (deidentified information), and AB-1416 (four year fraud exemption) have been added to the agenda. Only AB-981 (insurance exemption) which was co-referred to the Senate Insurance Committee is missing from the packed agenda.

The deadline on the calendar for bills in the California State Legislature which have already been passed by the house of origin to proceed to the next level out of the policy committee is the end of next week. If a bill does not receive the support of the Senate Judiciary Committee, then it will probably be safe to label it dead for now.

Each of the privacy bills on the agenda of the Senate Judiciary Committee has already been passed on the floor of the California State Assembly. However, as we learned from the Washington Privacy Act, there are many competing interests at stake in privacy legislation and substantial support in one legislative body does not mean that the other branch will be able to pass it.

The addition of these four privacy bills makes a pretty full agenda for the July 9 hearing. There are eight amendments to the California Consumer Privacy Act and a few more privacy bills (such as children’s social media registration). In total, there are nearly 70 bills on the latest committee agenda. The hearing is set to begin at 9:30 AM (pacific) and continue in a different room (presumably after a lunch break) at 1:30 PM (pacific).

The bills are currently scheduled to be heard in file order which means that the privacy bills are not going to be heard at the same time. They are going to be interspersed among all of the legislation the committee is considering.

Here is a complete rundown of the privacy bills on the Tuesday agenda:

CCPA AMENDMENTS ON THE AGENDA:

AB25 – Employee Data
This amendment would exclude employees (and similar individuals) from the protections of the new California privacy law, except for the section allowing consumers to bring a class action based on a data breach involving personal information where the company did not have in place reasonable measures to prevent it. The version that passed the Assembly contained different language that excluded employees from the definition of a consumer.

AB846 – Loyalty Programs
This bill would add the proposed Section 1798.126 to permit businesses to offer a different price, rate, level or quality of goods or services to a consumer, as long as it is not unjust, unreasonable, coercive, or usurious in nature, and it is in connection with a consumer’s voluntary participation in a loyalty, rewards, discount or club card program.

AB873 – Deidentified PI
The change in the new privacy law would address business concerns about operational uncertainties in the CCPA around the steps a business should take to de-identify personal information.

AB874 – Publicly Available Information
This proposed bill clarifies the contours of the publicly available information exception to the definition of personal information. Specifically, it eliminates the “purpose” requirement within the exception. As a result, information lawfully made available in federal, state or local government records will be considered “publicly available” and excluded from the definition of personal information.

AB1146 – Vehicle Information Exemption
This bill excludes vehicle information shared in connection with a vehicle repair relating to warranty work or a recall between a new motor vehicle dealer and the vehicle’s manufacturer.

AB1355 – Technical Amendments
AB1355 clarifies various elements of the CCPA text and corrects a few drafting errors.

AB1416 – Four Year Exception for Sharing with Government or for Security/Fraud
This bill would alter sections of Section 1798.145 of the CCPA. It provides exemptions for businesses complying with rules or regulations in furtherance of state or federal laws, to the right to opt-out allowing the sale of personal information to detect security incidents or fraud, and allowing information to be provided to a government agency in furtherance of a government program provided that certain conditions are met. The changes will sunset on January 1, 2024 and it will revert to the previous version of this section.

AB1564 – Toll Free Number Alternative
The CCPA currently requires a business to have two or more designated methods available to consumers to make requests under the law. The business must have a toll-free telephone number. If it has an internet website, it also must provide a means to do so on its website. This proposed CCPA amendment would allow for a business to substitute an email address and physical address for the toll-free telephone number requirement.

OTHER PRIVACY BILLS ON THE AGENDA:

AB384 – Information privacy: digital health feedback systems
It extends the definition of personal health record for the purpose of the Confidentiality of Medical Information Act to include the use of a mobile app or other software/hardware to maintain personal health record information used by an individual at the direction of a health care provider.

AB1138 – Social media: the Parent’s Accountability and Child Protection Act
This bill prohibits business from creating accounts on a website or app for a person under 13 years of age without consent, on or after July 1, 2021.

AB1395 – Information privacy: other connected device with a voice recognition feature
The bill bars the use of a recording or transcript from a connected television or smart speaker for advertising or the sharing of it with a third-party. It also requires informing users on setup of the voice recognition feature and gathering consent for storage of a recording or trnascript at any location other than the device.