Calif. Assembly Panel Clears Bills on Location Privacy, AI and Age Assurance

AB-1355 would restrict certain entities from collecting, using and selling location data. Those who oppose the bill argued that there are instances where geolocation data plays a positive role, and that laws already regulate use and sale of this data.

“This is going to take ... a lot of other conversations, and [there are] many steps ahead of us,” said Assemblymember Chris Ward (D), one of the location data bill’s sponsors. But he encouraged a favorable vote since “the sale of [location] data undermines our civil liberties and puts our most vulnerable populations at risk of stigma, discrimination and violence.”

The wireless industry opposed the legislation. “Location information plays an indispensable role in protecting consumers from security issues, fraud, illegal activities and provide[s] support for law enforcement, as well as providing consumers a vast array of beneficial uses and services,” said Jake Lestock, CTIA state legislative affairs director.

Ronak Daylami, a privacy and cybersecurity policy advocate at the California Chamber of Commerce, also opposed the measure. Daylami disagreed with moving geolocation data into its own statute, rather than keeping it under the California Consumer Privacy Act (CCPA).

However, many others supported the bill. “It should not be a controversial idea,” said Matt Schwartz, policy analyst at Consumer Reports. “The weather app on your phone may well need access to location information and give you an accurate forecast, but it shouldn't be selling that information to data brokers behind your back.”

Lan Le, policy advocate at Asian Americans Advancing Justice Southern California, said AB-1355 would help survivors of domestic violence, human trafficking and sexual assault. “In a moment of crisis, survivors who are fleeing violence should not have to stop and wonder if using their phones to text someone for help, find directions or request a ride might further endanger them, especially when the stakes are already so high.”

The committee also heard testimony on AB-853, which would require large online platforms to provide provenance data, explaining the source, creation process and ownership, along with other information, of content. Assemblymember Buffy Wicks (D), one of the bill’s sponsors, said it builds on previous legislation.

The bill “would add important tools to our arsenal to help stem the tide of online disinformation,” said Ken Wang, senior policy advocate at the California Initiative for Technology & Democracy. “We hope these urgent policy interventions will help rebuild trust in our information ecosystem. Given the absence of meaningful federal policy, California must continue to lead on this critical issue.”

Assemblymember Diane Dixon (R), however, said the legislation is not ready. “There's still work to be done, but I appreciate the direction you're going in,” she said.

TechNet opposed the bill and said it needed more time. Aodhan Downey, the Western state policy manager at the Computer & Communications Industry Association (CCIA), also testified against AB-853. “Regulatory mandates risk imposing unnecessary costs on consumers, stifling innovation and creating new vulnerabilities for user privacy,” he said. “A flexible, phased approach, grounded in open standards and voluntary adoption is essential to ensure sustainable progress.”

Another privacy bill mandating age-verification cleared the committee with full support. AB-1043 would “create a statutory age assurance framework that establishes a knowledge standard in California, while balancing privacy and usability,” said Wicks, the bill's sponsor. “It is our job, however, as lawmakers, to strike a balance in statutes that provide a safer online environment for our children, protect children's data privacy and create guardrails that do not impede innovations or violate individuals’ constitutional rights."

Samantha Corbin, representing the Chamber of Progress, said the law “misplaces responsibility” and places too much of a burden on parents. “It risks creating a false sense of security without actually reducing harm."

Supporters of the law, like data privacy attorney Nicole Rocha, said privacy risks fears are false. “The opposition will argue today that age assurance is privacy invasive, and that sharing granular age data with thousands of apps will compromise kids’ safety,” she said. “Nothing could be further from the truth. Nothing in this bill requires the apps [to] alert the world to the age of platform users or make kids a sitting target for predators. This bill also does not require the upload of government IDs, facial recognition or anything of this sort. It simply requires that user age information is input during device setup, and frankly, parents have no incentive to lie.”

“It's time to do more” about kids’ safety, said Privacy Committee Chair Rebecca Bauer-Kahan (D), supporting the Wicks bill.

Judiciary Chair Ash Kalra (D) agreed. “Ultimately, we do know that we have to have these safety checks in place,” he said. “We want to make sure that we do have systems in place that allow us to better protect our youth that are using these apps.”