.jpg)
This bill amends Section 1798.99.82 of the Civil Code, relating to privacy.
The California Consumer Privacy Act of 2018 (CCPA) grants a consumer various rights with respect to personal information that is collected or sold by a business, including the right to request that a business disclose specified information that has been collected about the consumer, to request that a business delete personal information about the consumer that the business has collected from the consumer, and to direct a business not to sell or share the consumer’s personal information, as specified. The CCPA defines various terms for these purposes. The California Privacy Rights Act of 2020 (CPRA), approved by the voters on November 3, 2020, created the California Privacy Protection Agency (agency) and vests the agency with full administrative power, authority, and jurisdiction to enforce the CCPA.
Existing law requires a data broker to register with the agency, and defines “data broker” to mean a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions. Existing law requires a data broker, in registering with the agency, to pay a registration fee in an amount determined by the agency and provide specified information, including, among other things, the name of the data broker and its primary physical, email, and internet website addresses, and whether the data broker collects the personal information of minors, consumers’ precise geolocation, or consumers’ reproductive health care data.
This bill would require a data broker to provide additional information to the agency, including whether the data broker collects consumers’ login or account information, various government identification numbers, citizenship data, union membership status, sexual orientation status, gender identity and gender expression data, and biometric data. SB 361 furthers the purposes and intent of the CPRA, visit leginfo.legislature.ca.gov to read it in full.
The premise of SB 361 is that Californians have a right to know which companies have obtained and are prepared to sell their highly sensitive information and to be able to distinguish those particular data brokers from those who are distributing less sensitive information. We absolutely agree that both consumers and regulators should have access to this information, and most importantly, that gaining that access should not be a burdensome process for consumers.
The California Consumer Privacy Act of 2018 (CCPA) grants a consumer various rights with respect to personal information that is collected or sold by a business, including the right to request that a business disclose specified information that has been collected about the consumer, to request that a business delete personal information about the consumer that the business has collected from the consumer, and to direct a business not to sell or share the consumer’s personal information, as specified. The CCPA defines various terms for these purposes. The California Privacy Rights Act of 2020 (CPRA), approved by the voters on November 3, 2020, created the California Privacy Protection Agency (agency) and vests the agency with full administrative power, authority, and jurisdiction to enforce the CCPA.
Existing law requires a data broker to register with the agency, and defines “data broker” to mean a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions. Existing law requires a data broker, in registering with the agency, to pay a registration fee in an amount determined by the agency and provide specified information, including, among other things, the name of the data broker and its primary physical, email, and internet website addresses, and whether the data broker collects the personal information of minors, consumers’ precise geolocation, or consumers’ reproductive health care data.
This bill would require a data broker to provide additional information to the agency, including whether the data broker collects consumers’ login or account information, various government identification numbers, citizenship data, union membership status, sexual orientation status, gender identity and gender expression data, and biometric data. SB 361 furthers the purposes and intent of the CPRA, visit leginfo.legislature.ca.gov to read it in full.
Support
While Californians generally have concerns about third party selling of any of their personal information, when the information is highly sensitive those concerns are, most reasonably, greatly increased. It is also fair to say that recent developments on the federal side have amplified those concerns as Californians have watched federal databases containing some highly personal data about them be breached by unauthorized personnel for unclear purposes.The premise of SB 361 is that Californians have a right to know which companies have obtained and are prepared to sell their highly sensitive information and to be able to distinguish those particular data brokers from those who are distributing less sensitive information. We absolutely agree that both consumers and regulators should have access to this information, and most importantly, that gaining that access should not be a burdensome process for consumers.
- Oakland Privacy (sponsor)
- California Federation of Labor Unions, AFL-CIO
- Consumer Reports
- Electronic Privacy Information Center
- Privacy Rights Clearinghouse
- Puente de la Costa Sur
Consumer Reports, formerly Consumers Union, is a nonprofit consumer organization dedicated to independent product testing, investigative journalism, consumer-oriented research, public education, and consumer advocacy.