Privacy Daily is a service of Warren Communications News.
Friday Fiscal Deadline

Calif. Legislators Pass Data Breach Notification Bill; Appropriators Advance Others

A California bill to set notification deadlines for data breaches passed the Senate unanimously on Thursday and could be headed to the governor’s desk soon. The Senate passed SB-446 on May 28 and it’s been sailing through the Assembly on consent agendas since then (see 2508200033). Meanwhile, state fiscal hawks advanced many privacy and AI bills, while holding back some others, at committee meetings Friday.

SB-446 would require disclosures to California residents within 30 days of a company discovering a breach, plus a notice to the state attorney general within 15 days of the company notifying affected consumers. California’s current law lacks disclosure deadlines for notifications.

Friday was the deadline for fiscal committees in each California legislative chamber to approve bills. Many privacy and AI bills are nearing the finish line (see 2508150016) and more floor votes are expected next week.

On Friday, the Senate Appropriations Committee sent to the floor multiple bills by Assembly Privacy Committee Chair Rebecca Bauer-Kahan (D), including an algorithmic-discrimination measure (AB-1018) and a chatbots bill (AB-1064) that would include rules around using kids' personal information for AI training.

The committee additionally advanced Bauer-Kahan’s bills on reproductive privacy (AB-45) and social media warning labels (AB-56), though the latter was amended “to reduce the warning label duration and size, strike the private right of action, add a severability clause and delay implementation,” said Senate Appropriations Committee Chair Anna Caballero (D). The committee cleared all the Bauer-Kahan bills by 5-2 votes with Republicans voting no.

However, the committee punted until next year on another Bauer-Kahan proposal on enhanced privacy protections for judges and elected officials (AB-302). The California Privacy Protection Agency recently raised logistical concerns with that bill (see 2507240070).

Also, the committee voted 5-2, with Republicans as the nays, on a workplace surveillance bill (AB-1331) by Assemblymember Sade Elhawary (D).

Senate Appropriations voted 4-2, with two Republican nays, to advance a bill (AB-466) by Assemblymember Chris Ward (D) that aims to restrict so-called surveillance pricing, a practice where businesses use certain data about consumers to set individualized prices. Caballero said an amendment narrowed the bill's scope to “grocery establishments and price increases,” while striking provisions related to loyalty programs.

But the committee effectively delayed Ward’s location privacy bill (AB-322) to next year by calling it a "two-year bill."

And the committee voted 7-0 to clear AB-1043 by Assemblymember Buffy Wicks (D). The kids online safety measure would require manufacturers to develop a way to have device owners enter the user’s birthdate or age, so that a digital signal about the user’s age bracket could be sent to app developers through an application programming interface.

Elsewhere in Sacramento, the Assembly Appropriations Committee cleared SB-7 by Sen. Jerry McNerney (D) on employers’ use of automated decision systems. Only committee Democrats supported the measure. But another McNerney bill (SB-69) to require the California attorney general to build internal expertise on AI stalled in the committee.

The Assembly committee supported, with Republicans not voting, a frontier AI models bill (SB-53) by Sen. Scott Wiener (D) that would require transparency about safety and security protocols and provide whistleblower protection to employees at AI developers. However, the committee amended the bill to strike a third-party audit requirement and raise the threshold for covered developers to $500 million from $100 million. Also, the Assembly committee unanimously supported SB-243 by Sen. Steve Padilla (D) to regulate AI chatbots.