Calif. Senator Will Work With Industry on CCPA Update About Publicly Available Info
A proposed change to the California Consumer Privacy Act (CCPA) about publicly available information hit a temporary roadblock Wednesday in the Assembly Privacy Committee. Sen. Aisha Wahab (D) said she planned to work with California businesses over the summer to refine SB-435, which failed to clear the committee but is still alive. “We are deeply committed [to] working with industry.”
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The committee advanced to the Appropriations Committee an AI bill (SB-53) by Sen. Scott Wiener (D) and one (SB-7) about employers using automated decision systems that Sen. Jerry McNerney (D) offered.
If Wahab’s bill were to become law, even publicly available sensitive information would remain sensitive information subject to heightened protections under CCPA (see 2506300026). As amended by the committee, SB-435 would say that “publicly available” does not include sensitive personal information, according to a July 14 Privacy Committee analysis.
But while seven members voted for SB-435, eight others either said no or chose not to vote, meaning that the bill failed to win a majority of the committee. Democratic Assemblymember Jacqui Irwin joined four Republicans in voting no. Not voting were three Democrats: Tina McKinnor, Cottie Petrie-Norris and Lori Wilson. After the vote, however, the panel granted reconsideration, possibly keeping the bill alive for another vote.
Earlier in the meeting, Wahab said she planned to work with a bill opponent, the California Chamber of Commerce (CalChamber), “throughout the summer recess and our hope is that we can arrive at a mutually agreeable policy that ensures information relative to immigration and citizenship status is appropriately protected.”
SB-435 “simply asserts that sensitive personal information should always be treated as such by corporations and data brokers,” said Wahab: This means that “no matter if a consumer chooses to make sensitive personal information public, they still retain the basic rights to control their information under the CCPA.”
Irwin, who in 2019 sponsored a bill that became law and led to the current way CCPA handles publicly available information, said she disagreed with Wahab’s proposed change for constitutional reasons. “It is problematic when there's information that's available in the newspapers or on social media that is public … to now try to subject it to CCPA.”
However, the committee analysis noted, “One could argue it is unlikely that the voters in 2020” who supported the California Privacy Rights Act (CPRA), which amended the CCPA, “contemplated or understood that people’s most sensitive personal information could be shared to hundreds of companies within seconds and could change hands and be coupled with other personal information by thousands of companies in order to create detailed profiles that include every aspect of a person’s life.”
“In addition, it is unlikely that many voters who voted in favor of the CPRA understood that the initiative changed the definition of ‘publicly available’ in a way that potentially created a loophole where companies could argue that the consumer did not expressly restrict the information to only being shared with a specific audience,” the bill analysis said. “As a result of that failure, they made the sensitive information publicly available and therefore cannot prohibit a business from using, sharing, or selling data.”
Opponents say the contemplated change would violate the First Amendment because the public has a right to access information from the government, said the analysis: In addition, opponents argue the bill would reduce privacy by forcing businesses to go through any publicly available information they have to determine if it might include sensitive content.
The Alliance for Children's Rights supported SB-435 at the hearing. “The bill closes a dangerous loophole in California's privacy law -- one that allows sensitive personal data like immigration status markers to be sold or shared without restriction, if it's considered at any point publicly available,” said Zachariah Oquenda, the alliance’s senior policy attorney. “The loophole allows businesses to collect and sell sensitive data from all kinds of sources we might not expect, including vehicle ownership and insurance records, health disclosures made on public facing crowdfunding platforms" and residential rental histories.
However, Ronak Daylami, CalChamber policy advocate, said the “ramifications” of passing SB-435 “would be significant for our members, not merely in terms of infringing upon their rights, but from a business and compliance standpoint.”
Meanwhile, the panel voted 10-0 to clear Wiener’s AI bill, which would provide whistleblower protection to employees at AI developers. It would also create a consortium to develop a framework for a public cloud computing cluster called CalCompute to advance AI safely and ethically (see 2507010047). Wiener said he incorporated recommendations from last month’s California Frontier AI report (see 2506170051).
In addition, the committee voted 9-4 for McNerney’s SB-7. The Senate author said the bill would create “common-sense guardrails” and make sure there’s a human in the loop when employers use ADS for workplace decisions.