May 21, 2019

May 21, 2019

Subscribe to Latest Legal News and Analysis

May 20, 2019

Subscribe to Latest Legal News and Analysis

Potential CCPA Amendments Gain Traction in the California Legislature

On April 23, 2019, the California Assembly Privacy and Consumer Protection Committee voted to advance several key amendments to the California Consumer Privacy Act (CCPA), which are outlined below. If these amendments pass into law, they would limit the scope of the CCPA. 

AB 25 – Employment Information Exclusion

This bill seeks to clarify that the definition of “consumer” does not include an employee acting within their scope as an employee. Accordingly, personal information of job applicants, employees, contractors, or agents of the business collected for employment purposes would not be covered by the CCPA.

AB 873 – Narrowing of “Personal Information” Definition

This bill seeks to revise the definition of “Personal Information” (PI) to exempt: (1) information that “identifies, relates to, describes,” or “could be linked” to a “household,” and (2) information that “is capable of being associated with” a consumer.
 
This bill also seeks to revise the definition of “deidentified information,” which is excluded from PI, to mean information “that does not reasonably identify, or link, directly or indirectly, to a particular consumer,” provided the business does not attempt to reidentify the data and takes “reasonable” steps to keep it deidentified. This is arguably narrower than the previous definition, which included information that could be “capable of being associated with” a consumer.

AB 1564 – Permitting One Method for Consumer Requests

This bill seeks to change the requirement that a business provide two or more designated methods for submitting requests for information. Instead, a business could include either a toll-free telephone number or an email address (and require an email address if a business operates a website).

AB 846 – Customer Loyalty Programs and Other Exceptions to Non-Discrimination Statute

This bill seeks to revise the non-discrimination statute, which prevents a business from offering a different price or quality of goods or services to a consumer in exchange for PI, to provide three exceptions:

  • the offering is in connection with a consumer’s voluntary participation in a loyalty, rewards, premium features, discount, or club card program;

  • the difference is reasonably related to the value provided by the consumer’s data; or

  • the offering is related to a specific good or service whose functionality is reasonably related to the collection, use, or sale of the consumer’s data.

AB 981 – Insurance Information Exclusion

This bill would exempt from the CCPA insurance institutions, agents, and support organizations subject to the Insurance Information and Privacy Protection Act (IIPPA). The bill would also add some CCPA-like provisions (such as notice requirements) to the IIPPA.

©2019 Greenberg Traurig, LLP. All rights reserved.

TRENDING LEGAL ANALYSIS


About this Author

Gretchen A. Ramos, Lawyer, Greenberg Traurig, Data, Privacy & Cybersecurity,The Cloud,Artificial Intelligence, Big Data
Shareholder

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact that she works in a service industry. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach to client service, including her bullet-pointed emails, snapshot executive summaries, and creativity in finding ways to streamline communications for in-house counsel with dozens of...

415.655.1319

Cathy Shyong’s practice focuses on privacy, cybersecurity, and information management. She represents technology clients in a wide range of fields, including health care and life sciences, consumer products, SaaS, fintech, non-profit, and academic research. Cathy works closely with clients to advise them on privacy policies, internal privacy procedures, regulatory compliance, commercial agreements, advertising, and product development. Her advice is informed by her broad experience litigating technology disputes.

Concentrations

  • EU GDPR compliance

  • COPPA, HIPAA, TCPA, PCI-DSS, CAN-SPAM

  • State privacy and consumer protection laws, including California Consumer Privacy Act

  • Security breach response and notification

  • Advertising and marketing statements

  • Product development issues

  • Contracts

  • Intellectual property and licensing

415.655.1276