The CCPA Amendments that Survived the California Legislature - After months of deliberation and negotiation, the California Legislature has passed a series of amendments to the California Consumer Privacy Act.

Jones Day

Jones Day

As the legislative session came to a close last week, the California Legislature passed five bills that amend the California Consumer Privacy Act ("CCPA"). Here are the five bills that are now headed to the governor for signature:

  • A.B. 25—Excludes employee data from a consumer's right to access, deletion, and opt-out. Employers are still required to comply with the disclosure requirements and are subject to the data security private right of action for employee data.
  • A.B. 874—Clarifies that "publicly available information" and "deidentified or aggregate" information are not considered "personal information."
  • A.B. 1146—Excludes from the right to opt-out vehicle and ownership data for purposes of vehicle repair relating to warranty or recall.
  • A.B. 1355—Clarifies various provisions of the CCPA, including modifying the definition of "personal information," clarifying that deidentified and aggregate information are exempt from the statute, modifying the FCRA exemption, and excluding personal information collected on another business's employees in certain B2B contexts.
  • A.B. 1564—Provides that businesses that operate exclusively online need to provide only an email address for consumer requests.

The exclusions in both A.B. 25 and A.B. 1355 are subject to a one-year moratorium.

Taken together, these bills help clarify ambiguous provisions and focus the potential scope of the CCPA. Of particular importance are the amendments excluding employee data and other businesses' employees for one year from various obligations under the CCPA.

The Legislature also passed a sixth bill, A.B. 1202, which does not amend the CCPA but is likely relevant to many businesses preparing for CCPA compliance. Specifically, this bill creates a new class of data processors, "data brokers," who must register with the attorney general every year.

Businesses that must comply with the CCPA would be wise to anticipate the possibility of these bills becoming law and should consider taking steps now to align their data compliance programs with these amendments in mind.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jones Day | Attorney Advertising

Written by:

Jones Day

Jones Day on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.