Formed in the image and spirit of the European Union's General Data Protection Regulation (GDPR), the CCPA has been lauded as a comprehensive law that, nonetheless, would always need some fine-tuning.
Many of the bills introduced in April are meant to amend and augment the CCPA; some of the changes would be minimal, while others could reshape key areas of the soon-to-be-enacted law. Critics have argued that some of these changes would defang many of the consumer protections, while proponents of the bills see them as necessary amendments.
The legislation has also “received widespread backing from business groups" as well as "leading tech lobbying firms that represent the likes of Facebook, Google, Amazon, and Apple,” according to Wired, further drawing skepticism from privacy rights activists.
Here is a breakdown of those bills, their current status, and what people are saying about them.
- Assembly Bill 1416: Perhaps the most maligned bill of the lot, AB 1416 would have created multiple new exemptions to CCPA's regulations, allowing companies to sell consumer data to individuals and government agencies in select circumstances, even if the consumer has asked the company not to.
Critics said the bill created a "broad loophole" for businesses, giving them leeway to sell consumer data to any government agencies for the purposes of a government program. It would also allow data to be sold if suspicion of fraud or a crime has been detected.
"The bill could clear the path for private companies such as the data brokers and surveillance corporations ... to collect, keep, and sell the personal information of Californians without giving them a meaningful choice in the matter," reads a statement from Sen. Hannah-Beth Jackson, chair of the Senate Judiciary Committee.
The bill was recently referred to that committee, but its hearing was subsequently cancelled.
- Assembly Bill 25: This bill originally sought to draw a distinction between data collected on people within personal and professional contexts — changing the definition of who is covered under the CCPA to exempt information collected on individuals “within their employee role, or in similar roles within the employment context, as specified.”
In other words, information collected under the rubric of business on employees, contractors, and others, would be exempted from protection under the CCPA. The bill received amendments in the Assembly. During its recent hearing in the Senate, it received considerable pushback from civil liberties groups.
It recently passed the Senate Judiciary Committee and now heads to the Committee on Appropriations.
- Assembly Bill 846: This bill would create an exemption that allows companies to sell consumer data in exchange for loyalty rewards programs that customers could sign up for.
Civil liberties groups have criticized the bill, saying it would “would create an unfortunate choice for consumers” between saving money in exchange for allowing their personal purchase data to be sold, or spending more on the same items, according to comments from a recent Senate committee.
The bill passed the Senate Judiciary Committee and now heads to the Committee on Appropriations.
- Assembly Bill 1564: This bill would eliminate the requirement that companies provide a toll-free telephone number for consumers to submit disclosure requests. Instead, companies could supply an email for such requests.
The bill passed the Senate Judiciary Committee and now heads to the Committee on Appropriations.
- Assembly Bill 873: This bill would have tweaked the current language within the CCPA that relates to de-identified data. Currently, the CCPA exempts companies from having to divulge to consumers how de-identified data is used.
The bill would have slightly changed how "de-identified data" is defined, but the legislation failed to pass during its consideration by the Senate Judiciary Committee. Lawmakers complained that the bill's "expansion of what is considered deidentified reduces what information consumers have access to and control over despite the capability of that information to be associated back to specific individuals," according to Judiciary Committee notes.
Though the bill failed to pass the Senate, it has been granted an opportunity for reconsideration.
