California’s Consumer Privacy Act Amendment Process Nears the Finish Line

September 11, 2019

The enactment of the California Consumer Privacy Act (CCPA) has been a marathon process, with numerous groups trying to amend the law in various ways before it goes into effect January 1, 2020. We reported in June that the process had been whittled down to just twelve amendments. Last week, the deadline for amendments passed. The reported last-minute lobbying efforts to weaken the bill appear to have been unsuccessful. Now, the legislature has until September 13 to pass the final bills. While we wait on that final deadline, let’s look at which amendments are still in play to make it into the final bill and how they have changed since shifting to the Senate.

Amendments Ready for a Vote

The following amendments all passed out of committee and are now ready for a floor vote.

Amendments That Died in the Senate

Pending Non-CCPA Privacy Related Legislation

In our last update we also highlighted four other privacy-related bills in play during this legislative session. Two of those bills made it through the Senate without any substantive amendments: A.B. 1130, which amends the definition of personal information in California’s data breach notification law to include biometric data and government-issued identification numbers; and A.B. 1665, which requires parental consent before a website or application can sell a minor’s personal information in a manner that is separate from that website or application’s general terms and conditions.

A.B. 1138, which prohibits social media companies from allowing persons under 13 years of age to create an account without a parent’s consent, was amended in the Senate to prohibit retention of any data provided for the purpose of parental consent. The amendment also prohibited the use of that data for any purposes outside of parental consent. The bill was further amended on the floor to include an “actual knowledge” requirement in order to impose liability. Actual knowledge is imputed if a business “willfully disregards” the consumer’s age. The bill is out of committee and ready for a floor vote.

But A.B. 1395, which attempted to expand California’s smart TV privacy bill to apply to any connected device with a voice recognition feature, appears to be dead in the water.