June 19, 2019
CCPA Changes
If you’re wondering whether the CCPA is going to change drastically before its effective date on January 1, 2020, you are not alone. However, because of the way the California legislative process works, there is at least some good news—the time for submitting new amendments has passed, and 12 bills impacting the CCPA have made it through the California Assembly to the Senate.
Many potential amendments failed to make it this far. The most sweeping of those, the proposals to expand the CCPA’s private right of action by allowing consumers to resort to civil litigation for any violations of the CCPA (AB 1767 and SB 561), were blocked in the legislature. While we cannot predict the potential rules the California Attorney General will impose, we can guide you through these potential amendments that are awaiting Senate approval.
CCPA Amendments
Assembly Bill 25
(AB 25) exempts the collection of personal information from job applicants, employees, contractors, and agents from the CCPA. This is an amendment that the business community has argued for from the outset. Under the current language of the CCPA, personal information that businesses collect from job applicants or employees would be subject to the law. Business advocates argue that employee information is collected from people in their non-consumer capacity and should be not be subject to the same access and deletion requests.
Assembly Bill 846
(AB 846) addresses the issue of consumer loyalty programs. The CCPA prohibits price or service discrimination among consumers who opt out of the sale or request the deletion of their information. Under AB 846, voluntary loyalty, rewards, discount, club card, or premium feature programs would be exempted from the CCPA’s discrimination provisions. The same would apply to a good or service whose functionality is directly related to the collection, use, or sale of the consumer’s data.
Assembly Bill 873
(AB 873) seeks to insert the word ‘reasonably’ into the definition of personal information, so that it would read, “‘Personal information’ means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household” (emphasis added to indicate change). 1798.140(o)(1). The CCPA excludes aggregate and deidentified consumer information from that definition of personal information; AB 873 seeks to update the definition of deidentified. The amended version would define it as “information that does not identify, and is not reasonably linkable, directly or indirectly, to a particular consumer, provided that the business makes no attempt to reidentify the information and takes reasonable technical and administrative measures designed to ensure that the data is deidentified, publicly commits to maintain and use the data in a deidentified form, and contractually prohibits recipients of the data from trying to reidentify it” AB 873(1).
Assembly Bill 874
(AB 874) updates the CCPA’s definition of “publicly available” to include any information that is lawfully made available from federal, state, or local government records. The current definition does not include information from public government records if it is being used for a purpose not compatible with the reason the government maintains and makes them available. This amendment would also clarify the definition of personal information to make clear that it does not include deidentified or aggregated information.
Assembly Bill 981
(AB 981) was originally introduced with language that would exempt insurance institutions, agents, and insurance-supported organizations from the CCPA However, it was amended in committee and then passed with new language that would eliminate consumers’ rights to request that a business delete or not sell their data if their personal information is necessary to complete insurance transactions that were requested by the consumers. It also amends the insurance code to harmonize some of the insurance industry’s disclosure and notice practices with the CCPA.
Assembly Bill 1035
(AB 1035) is not a CCPA-specific bill, but it is related to the CCPA in that it modifies California’s data breach reporting requirements, imposing a strict notice period of no more than 45 days for companies to disclose their data breaches.
Assembly Bill 1138
(AB 1138) is also technically an amendment of the Parent’s Accountability and Child Protection Act, but it is relevant to companies creating CCPA policies regarding children. The bill would require parental consent for children under the age of 13 to open social media or website application accounts. The verification process required by this bill would therefore have bearing on the steps a company takes with regard to users under the age of 13.
Assembly Bill 1146
(AB 1146) is geared specifically toward the auto industry. It exempts certain vehicle information from the CCPA’s right to deletion and do not sell requirements. The sharing of vehicle owner name and contact information, VIN, make, model, year, and odometer readings between manufacturers and new motor vehicle dealers related to warranty work or recalls would not be subject to the CCPA.
Assembly Bill 1202
(AB 1202) specifically applies all of the CCPA’s obligations to data brokers, including requiring the data brokers to give consumers the option to opt out of the sale of their information. It would also require brokers to register with the California Attorney General ad impose penalties for failing to register. Advertisers in particular have raised objections to AB 1202, arguing that it would be both duplicative of CCPA obligations and potentially conflict with it, ultimately reducing transparency and being unhelpful to consumers.
Assembly Bill 1355
(AB 1355) would exclude deidentified or aggregated information from the definition of personal information (something that is also part of AB 874) and also clarifies that the CCPA’s definition of permissible discrimination in pricing or service has to be reasonably related to the value the consumer’s data provides to the business itself. The current language of the CCPA requires that the discrimination be reasonably related to the value of the information to the consumer.
Assembly Bill 1416
(AB 1416) has a dual purpose. One part of it is focused on security. Specifically, it allows businesses to ““[s]ell the personal information of a consumer who has opted-out of the sale . . . to another person for the sole purpose of detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity, provided that the business and the person shall not further sell that information for any other purpose.” The other purpose of AB 1416 is to enable businesses to share information with government agencies and comply with other rules and regulations. Some commentators have expressed concern that AB1416 is overly broad , making it possible for businesses to establish their own rules and regulations and therefore build their own exceptions.
Assembly Bill 1564
(AB 1564) was passed by the Assembly on May 13, 2019. It is intended to lighten the burden of consumer requests by allowing online-only businesses the option of only being required to provide an email address or a mailing address for receiving requests and also expanding the permissible ways to receive requests to include a mailing address. As written, the CCPA currently requires that business offer at least an online and a toll-free phone number option for submitting requests.
Stay tuned for more information as these bills continue their journey through the California Legislature.
DISCLAIMER: This publication has been prepared by SixFifty, LLC to provide information of interest to our readers regarding the California Consumer Privacy Act. It is not intended to provide legal advice for a specific situation or to create an attorney-client relationship. SixFifty, LLC does not provide legal advice.
Written by Marie Kulbeth
Marie Kulbeth is a Co-Founder and General Counsel of SixFifty, and the co-director of BYU LawX, a legal design lab dedicated to solving access to justice problems. She works to make the law straightforward for everyone, regardless of education level or income. Marie keeps her passion for equitable, accessible legal services at the forefront of her career. Her role as...
Full Bio and other articles by Marie Kulbeth
About The Author: Marie Kulbeth
Marie Kulbeth is a Co-Founder and General Counsel of SixFifty, and the co-director of BYU LawX, a legal design lab dedicated to solving access to justice problems. She works to make the law straightforward for everyone, regardless of education level or income.
Marie keeps her passion for equitable, accessible legal services at the forefront of her career. Her role as General Counsel allows her to field-test SixFifty’s products to ensure they’ll work for customers.
Education and Experience
Marie attended Brigham Young University, and spent most of her undergrad studying International Politics and Development. It was during a field study in South Africa that she first decided to become a lawyer. As she researched the new South African constitution and worked with community organizers, Marie became fascinated with the development of the rule of law and how it in turn fosters economic development.
After undergrad, she attended BYU Law, where she continued focusing on improving equity, specifically through access to justice. She spent time interning with a nonprofit at the Human Rights Council in Geneva and with the United Nations International Tribunal for the Rwandan Genocide. At home, she interned with Catholic Charities, focusing on supporting asylum cases. Marie’s work with communities and governments across the globe broadened her understanding of how the law can either uplift or further harm underserved populations.
After law school, Marie worked as a judicial law clerk for the US Fifth Circuit Court of Appeals. She then practiced commercial litigation in Salt Lake City before returning to BYU Law, where she became an Assistant Dean. During her time at BYU Law, Marie built a diversity recruiting program and a storytelling program. Although she has left academia, she continues to keep a hand in by teaching a legal design class at BYU Law School and an undergraduate international politics class that focuses on development and diplomacy at BYU’s Kennedy Center. Both courses help students increase their community engagement and use their skills to create change.
Achievements with SixFifty
Marie’s work with both SixFifty and LawX focuses on making the law less complicated and
more equitable for both companies and individuals.
Marie’s legal specialty is privacy. She has additional focus areas in legal technology; diversity, equity and inclusion; employment; and compliance. She enjoys the opportunity to build products with the legal product team, including pro bono products. This allows her to work with communities she cares about – and complements the work she continues to do at BYU.
With Marie’s guidance and experience, SixFifty is able to offer privacy products that allow even small companies to easily comply with global privacy restrictions. Her passion for making the law accessible to everyone is evident in our pro bono products, which help individuals access free legal help for common issues.
Get to Know Marie
When she’s not helping to advance SixFifty’s mission, Marie travels whenever she can. Keep your eyes open and you may find her anywhere in the world – one of her favorite trips was a seven-day motorbike tour of northern Thailand. She especially loves to canyoneer in southern Utah and explore wilderness areas.
Marie also continues her community development and education work. She is on the board of several nonprofits, including one that runs primary schools in South Sudan and the Utah Tribal Relief Foundation. She recently joined the board of the Mountainland Association of Governments, which focuses on making loans to entrepreneurs from underserved communities who lack access to traditional funding. She’s also a Model UN legend! She is the Executive Director of BYUMUN, Utah’s premier high school Model United Nations learning conference.
Marie loves podcasts and will nerd out on anything related to the law, the history of the English language, and anything done by the people at Radiolab.
Bar Licensed
Utah
More posts by Marie Kulbeth