SB 1121 Amendments Kickoff Debate Over California Consumer Privacy Act Changes
SB 1121 is now the bill in the California Legislature to make technical corrections to the California Consumer Privacy Act, which was then known as AB 375 and signed into law on June 28, 2018.
There are a variety of small changes proposed in the law, such as adding a hyphen to opt-in and opt-out, as well as an s at the end of business’s. It also adds the term consumer to the middle of the phrase verifiable request. Because of the time pressure created by the November ballot initiative, AB 375 moved quickly through the legislative process and did not have the usual amount of scrutiny that would have fixed these issues already.
However, not all of the current amendments are entirely technical. The proposed changes create an exclusion for political speech and journalism from the obligations imposed on businesses and the rights afforded to consumers. The changes further make clear that the private right of civil action only applies to violations of Section 1798.150(a) of the Civil Code.
The bill amending the California Consumer Privacy Act was introduced by Senator Dodd and is coauthored by Senator Hertzberg and Assembly Member Chau. There is expected to be a lot of debate over the language of the bill this fall. A group of nearly 40 organizations sent a letter to Senator Bill Dodd this week concerning suggested changes to the California Consumer Privacy Act for consideration in SB 1121. Here are some of the key changes that these organizations proposed:
1. The delay of the Attorney General’s rulemaking process until after the conclusion of the legislative corrections process, and no enforcement of the law until 12 months after the final regulations have been published by the AG. According to the suggested revised text, the rulemaking process would start on or after January 1, 2020.
2. Alter the definition of consumer to exclude employees, contractors, and commercial/non-residential customers. They also are seeking to remove references to professional or employment-related information in the definition of personal information.
3. Change the definition of personal information to limit information to that which is “linked or reasonably linkable” to a particular consumer, eliminating the broader “could be associated with” standard. They would also remove references to household, devices and family.
4. Eliminate the requirement that specific pieces of personal information be provided as part of the right to access.
5. Enable granular controls for the right to opt out to eliminate the all or nothing nature of the transaction and permit consumers the choice to limit the opt out to specific types of personal information, specific types of sales of personal information, or sales to categories of third parties.
7. Exempt data currently governed under the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act and the Driver’s Privacy Protection Act.
8. Eliminate the willful disregard standard for opt-in consent for minors and impose an actual knowledge standard instead.
9. Give businesses 45 days to stop the sale of a customer’s personal information unless a different timeline is specified in another law.
10. Remove the data portability mandate contained in two sections.
11. Remove the requirement that businesses provide a toll-free phone number for opt-out.
12. Make clear that the privacy right of action only applies to a data breach, and that the AG has the exclusive right to bring a lawsuit under the rest of the law.
Update: A spokesperson as Senator Dodd’s office has said that SB 1121 will be limited to technical corrections only and more substantive changes would be considered after in 2019.
Improve Data Privacy for GDPR or CCPA with Clarip
The Clarip team and privacy management software are ready to meet your compliance automation challenges. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If compliance with the California Consumer Privacy Act is your focus until 2020, ask us about our CCPA software. Handle automation of data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with the consent software.
Need to improve your GDPR compliance solution? Clarip offers modular GDPR software that can fill in gaps in your privacy program. Choose from the data mapping software for an automated solution to understanding your data collection and sharing, conduct privacy risk assessments with DPIA software, or choose the cookie consent manager for ePrivacy.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.
Other Blog Posts on the California Consumer Privacy Act:
PWC Survey on CCPA: Enterprise Compliance Expected at 52% by January 1, 2020
California Adopts SB-1121 Amendments to Consumer Privacy Act
SB 1121 to Amend California Consumer Privacy Act Soon
California AG Objects to 5 Sections of CCPA Privacy Law
SB 1121 Won’t Make Substantive Changes to New California Privacy Law
Expect AG to Issue California Privacy Regulations in June 2019
Will California’s Privacy Law Extend to the Rest of the Country?
Big Day for California Privacy Law
California to Pass New Privacy Law: CA Consumer Privacy Act