California Legislature Passes Bill Regulating Data Brokers

On September 14, 2023, the California legislature passed S.B. 362 (“Act”), a bill that would impose new requirements on data brokers and grant residents new rights designed to facilitate control over their personal data. S.B. 362 is now awaiting signature by California Governor Gavin Newsom. The Act aims to close a loophole in the California Consumer Privacy Act (“CCPA”) that allows consumers to request that data brokers delete personal information obtained directly from the consumer, but does not require data brokers to delete personal information obtained from other sources. 

The Act would grant California consumers the right to request that data brokers (1) delete and (2) limit the further sale and sharing of consumers’ personal data. In addition, the bill would create new registration, disclosure, recordkeeping, and audit requirements applicable to data brokers. Specifically, the Act would:

If enacted, the Act’s provisions would become effective in multiple steps between 2024 and 2028. Note that the Act defines the term “data broker” broadly to include any business that “knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.” However, the Act would not extend to entities covered by the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, as well as entities covered by the California Insurance Code.


Listen to this post

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.
National Law Review, Volumess XIII, Number 264