• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Which CCPA Amendments Made the Cut?

April 30, 2019 By David Keating and Privacy, Cyber & Data Strategy Team

We may now have more clarity on what the California Consumer Privacy Act (the “CCPA”) will look like when it goes into effect on January 1, 2020.  The California Assembly’s Committee on Privacy and Consumer Protection approved a series of bills last week that will now advance to the Appropriations Committee before being put to a full vote and potentially advancing to the California Senate for consideration.

Here are some of the proposed amendments that were approved:

  • AB 25. An amendment that would modify the definition of “consumer” to exclude employees by modifying the definition to exclude “a natural person whose personal information has been collected by a business in the course of a person acting as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business, to the extent the person’s personal information is collected and used solely within the context of the person’s role as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business.”
  • AB 846. This amendment seeks to clarify the treatment of retail loyalty programs under the CCPA.  The amendment revises the non-discrimination provision in the law to state that the CCPA does not prohibit a business from offering different levels of service or price if such differential treatment is in connection with a consumer’s voluntary participation in a “loyalty, rewards, premium features, discount, or club card program.”  The amendment would also make certain other adjustments to the non-discrimination mechanism in the law.
  • AB 873. An amendment that would clarify the definition of “deidentified” and the handling of deidentified information as “information that does not reasonably identify or link, directly or indirectly, to a particular consumer, provided that the business makes no attempt to reidentify the information and takes reasonable technical and administrative measures designed to ensure that the data is deidentified, publicly commits to maintain and use the data in a deidentified form, and contractually prohibits recipients of the data from trying to reidentify it.”  The amendment also seeks to remove the term “household” from the definition of “personal information.”
  • AB 981. This amendment proposes to exempt from the CCPA “insurance institutions, agents, and support organizations” to the extent that those institutions are already subject to California’s Insurance Information and Privacy Protection Act (IIPPA). The IIPPA contains provisions that overlap in some respects with the CCPA. AB 981 would also modify IIPPA to expand certain privacy requirements, such as notice requirements.
  • AB 1146. This amendment would exempt a defined category of vehicle information from the CCPA’s right to deletion and do not sell requirements.  The amendment would apply to name and contact information of a vehicle owner, VIN, make, model, year, and odometer reading shared between a “new motor vehicle dealer” and the manufacturer with respect to vehicle repairs relating to warranty work or recalls.
  • AB 1564. This amendment would modify the requirement in the CCPA that currently mandates that a business make available two or more designated methods for consumers to submit access requests to just one method.  The amendment would require that a business make available either a toll-free telephone number or an email address for consumers to submit access requests.  The amendment would also require businesses that maintain websites to make that website available to consumers to submit access requests.

Notably missing from the amendments approved by the Committee is AB 1760, the amendment introduced by Assembly member Buffy Wicks known as the “Privacy for All Act.” AB 1760 proposed to significantly alter the CCPA in several ways including by seeking to require businesses to obtain affirmative opt-in consent to share personal information.  AB 1760 was withdrawn from consideration by the Committee.

We will continue to monitor the legislative process and will report on relevant further updates.

Filed Under: California, Cybersecurity, Legislation, Privacy, Regulation Tagged With: California Consumer Privacy Act (CCPA)

About David Keating

David Keating focuses his practice on matters involving technology and data and co-leads the Privacy, Cyber & Data Strategy Team. He has advised clients on privacy and security issues arising along the entire data lifecycle for more than 15 years. He assists clients with compliance strategies, policy development and implementation, data monetization and data use analyses, new product development, privacy and security issues in transactions, and privacy enforcement matters.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Belgian Supervisory Authority Sanctions News Media Company for Violating Cookie Rules
  • DOJ Issues New Policy on CFAA Prosecutions
  • EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.