We may now have more clarity on what the California Consumer Privacy Act (the “CCPA”) will look like when it goes into effect on January 1, 2020. The California Assembly’s Committee on Privacy and Consumer Protection approved a series of bills last week that will now advance to the Appropriations Committee before being put to a full vote and potentially advancing to the California Senate for consideration.
Here are some of the proposed amendments that were approved:
- AB 25. An amendment that would modify the definition of “consumer” to exclude employees by modifying the definition to exclude “a natural person whose personal information has been collected by a business in the course of a person acting as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business, to the extent the person’s personal information is collected and used solely within the context of the person’s role as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business.”
- AB 846. This amendment seeks to clarify the treatment of retail loyalty programs under the CCPA. The amendment revises the non-discrimination provision in the law to state that the CCPA does not prohibit a business from offering different levels of service or price if such differential treatment is in connection with a consumer’s voluntary participation in a “loyalty, rewards, premium features, discount, or club card program.” The amendment would also make certain other adjustments to the non-discrimination mechanism in the law.
- AB 873. An amendment that would clarify the definition of “deidentified” and the handling of deidentified information as “information that does not reasonably identify or link, directly or indirectly, to a particular consumer, provided that the business makes no attempt to reidentify the information and takes reasonable technical and administrative measures designed to ensure that the data is deidentified, publicly commits to maintain and use the data in a deidentified form, and contractually prohibits recipients of the data from trying to reidentify it.” The amendment also seeks to remove the term “household” from the definition of “personal information.”
- AB 981. This amendment proposes to exempt from the CCPA “insurance institutions, agents, and support organizations” to the extent that those institutions are already subject to California’s Insurance Information and Privacy Protection Act (IIPPA). The IIPPA contains provisions that overlap in some respects with the CCPA. AB 981 would also modify IIPPA to expand certain privacy requirements, such as notice requirements.
- AB 1146. This amendment would exempt a defined category of vehicle information from the CCPA’s right to deletion and do not sell requirements. The amendment would apply to name and contact information of a vehicle owner, VIN, make, model, year, and odometer reading shared between a “new motor vehicle dealer” and the manufacturer with respect to vehicle repairs relating to warranty work or recalls.
- AB 1564. This amendment would modify the requirement in the CCPA that currently mandates that a business make available two or more designated methods for consumers to submit access requests to just one method. The amendment would require that a business make available either a toll-free telephone number or an email address for consumers to submit access requests. The amendment would also require businesses that maintain websites to make that website available to consumers to submit access requests.
Notably missing from the amendments approved by the Committee is AB 1760, the amendment introduced by Assembly member Buffy Wicks known as the “Privacy for All Act.” AB 1760 proposed to significantly alter the CCPA in several ways including by seeking to require businesses to obtain affirmative opt-in consent to share personal information. AB 1760 was withdrawn from consideration by the Committee.
We will continue to monitor the legislative process and will report on relevant further updates.
