Keypoint: Last week, the California legislature returned from its summer recess and began moving forward with privacy and AI legislation prior to the August 31 session closing date.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.

1. What’s New

The California bills were dormant in July as the legislature was on a month-long summer recess that started on July 3. When the legislature reconvened on Monday, August 5, it immediately resumed consideration of some of the bills with the Senate Appropriations committee holding a hearing that same day. Several bills are now scheduled for an August 15 committee hearing. Meanwhile, some bills have moved to floor votes. All together, eleven of the thirteen bills we are tracking saw movement last week. 

2. Summary and Current Status of Bills

Privacy Bill Developments

AB 2877 (Use of Personal Information with AI)

Summary: The bill amends the CCPA to prohibit a developer from using a consumer’s personal information to train or fine-tune an artificial intelligence system or service unless the consumer or the consumer’s parent or guardian has affirmatively authorized such use.

Current Status: After unanimously passing the Senate Judiciary committee in June, the bill was amended and referred to the Senate Appropriations committee. It was read in the August 5 hearing where it received an endorsement from Common Sense Media with no objections. It was ordered to the suspense file and is scheduled for another hearing in the Senate Appropriations committee on August 15. For context, when a bill is referred to the “suspense file,” it is because the bill has a significant financial impact and is placed on hold while the Appropriations committee considers the financial implications to eventually decide whether to push it forward or hold it back. 

AB 3048 (Opt-Out Preference Signals)

Summary: The bill prohibits businesses from developing or maintaining a browser that does not include a setting that enables a consumer to send an opt-out preference signal to a business with which the consumer interacts through the browser. The bill also prohibits businesses from developing or maintaining a mobile operating system through which a consumer interacts with a business that does not include a setting that enables the consumer to send an opt-out preference signal to that business.

Current Status: The bill unanimously passed the Senate Judiciary committee in July and was referred to the Senate Appropriations committee where it was amended. On August 6, it was read by the Senate Appropriations committee a second time and ordered to a third reading on the Senate floor, which could occur as early as August 12.

AB 1949 (Kid’s Privacy)

Summary: The bill amends the CCPA to prohibit businesses from collecting, selling, sharing, using or disclosing the personal information of kid’s ages 13 to 17 without the kid’s consent or, for children under 13, without parental/guardian consent. A business must have actual knowledge that the consumer is below 18 or 13. A business that willfully disregards the consumer’s age is deemed to have actual knowledge. In addition, a business must treat a consumer as under 18 years of age if the consumer, through a platform, technology, or mechanism, transmits a signal indicating that the consumer is less than 18 years of age.

Current Status: The bill unanimously passed the Senate Judiciary committee in July and was referred to the Senate Appropriations committee where it was amended. It was read for a second time in the Appropriations committee on August 5, where it was placed on the suspense file and scheduled for another committee hearing on August 15.

SB 1223 (Neural Data)

Summary: The bill amends the CCPA’s definition of sensitive personal information to include neural data.

Current Status: The bill unanimously passed the Assembly Privacy and Consumer Protection committee in July and was heard by the Assembly Appropriations committee on August 7. It also unanimously passed the Appropriations committee and was ordered to the consent calendar. For context, when a bill is ordered to the consent calendar, it is considered non-controversial and is expected to pass without significant debate.

AB 1008 (Personal Information and AI Systems)

Summary: The bill amends the CCPA to specify that personal information can exist in various formats, including artificial intelligence systems that are capable of outputting personal information. As explained in the CPPA’s position paper written by Deputy Director of Policy & Legislation Maureen Mahoney: “[T]his bill seeks to underscore that personal information that exists in AI systems is still personal information, and therefore subject to existing CCPA obligations on businesses, such as data minimization, and the requirement to respond to consumer requests to access, delete, correct, and stop the sale/sharing of their personal information.”

Current Status: The bill passed the Senate Judiciary committee in July by a vote of 9-2 and was referred to the Appropriations committee. It was read for a second time on August 6 and ordered to a third reading. 

AB 1824 (Recognition of Prior Opt-Outs in M&A Deals)

Summary: The bill amends the CCPA to require a business to which another business transfers the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the transferee assumes control of all or part of the transferor to comply with a consumer’s opt-out direction to the transferor.

Current Status: The bill unanimously passed the Assembly in early May and was ordered to a third reading in the Senate on June 20.

AB 3286 (Monetary Thresholds)

Summary: The bill authorizes the California Privacy Protection Agency to make changes to certain CCPA monetary thresholds. The bill also makes changes to the CCPA’s consumer privacy fund.

Current Status: Signed into law on July 15.

AI Bill Developments

AB 2930 (Algorithmic Discrimination)

Summary: The bill would minimize algorithmic discrimination in a manner similar to Colorado’s recently passed CAIA. The bill broadly prohibits deployers and developers of automated decision tools from using these tools or making such tools available that result in algorithmic discrimination.

Current Status: The bill passed the Senate Judiciary committee 9-2 in July and was referred to the Senate Appropriations committee where it was amended. It was read during the August 5 hearing and received opposition from the Electronic Frontier Foundation and the American Staffing Association. It was moved to the suspense file and will be heard at the Senate Appropriations committee hearing on August 15.

SB 1047 (“Safe and Secure Innovation for Frontier Artificial Intelligence Act”)

Summary: The bill would implement clear standards for the largest and most powerful AI models. 

Current Status: The bill passed the Assembly Judiciary committee 9-1 in July and was referred to the Assembly Appropriations committee where it was amended. It was read during an Appropriations committee hearing on August 7 and placed on the suspense file. It is scheduled for another hearing with the Assembly Appropriations committee on August 15. 

AB 3211 (Provenance, Authenticity and Watermarking Standards)

Summary: Among other provisions, the bill would require generative AI system providers to: (1) place watermarks containing provenance data into their AI generated content; (2) provide public tools or services that can determine whether a piece of content was created by the provider’s generative AI system; (3) conduct regular “red-teaming exercises” to test whether watermarks can be easily removed or fabricated; (4) publicly disclose the discovery of any vulnerability or failure in their generative AI system; and (5) make certain disclosures to users of the developer’s “conversational AI systems.” 

Current Status: The bill was referred to the Senate Appropriations committee after passing the Senate Judiciary committee 10-2 in June. It was heard in the Senate Appropriations committee on August 5. At the hearing, it received support from the City and County of San Francisco Board of Supervisors and from a disgruntled voice actor, who alleged that the video game company Activision wrongly replicated his voice with generative AI to voice multiple characters. The individual stated that the bill would “reduce costly legal disputes from unauthorized uses of digital likeness, saving the state and businesses significant litigation expenses, while protecting both labor and employees from exploitation and deepfakes by using provenance to track AI replica use.” On the opposition side, the Department of Finance expressed their concerns that the bill would use general funds not included in the 2024 Budget Act. The bill was referred to the suspense file and is set for another Senate Appropriations committee hearing on August 15.

AB 2013 (AI Training Data Transparency)

Summary: The bill would require developers of AI systems or services to post a high-level summary of the datasets used in the development of the system or service on their website, with certain details described in the bill. The bill would also require developers to disclose whether the system uses “synthetic data generation.”

Current Status: The bill passed the Assembly in May 20 by a 56-8 vote. It was ordered to a third reading in the Senate on June 27.

AB 2885 (Definition of AI)

Summary: The bill would incorporate a new definition of “artificial intelligence” into existing California law.

Current Status: The bill unanimously passed the Senate Judiciary committee in June and was referred to the Senate Appropriations committee which ordered it to the consent calendar. It was ordered to a third reading on August 5.

AB 1791 (Digital Content Provenance for Social Media Platforms)

Summary: The bill would require social media platforms to redact personal provenance data from content uploaded by a user but prohibit platforms from redacting system provenance data from such content (with exceptions).

Current Status: The bill passed the State Assembly in May by a 50-10 vote. It was passed with amendments by the Senate Judiciary and Senate Appropriations committees on June 18 and July 1, respectively. The Appropriations committee has now referred the bill to the suspense file and it is scheduled for an August 15 hearing with the Senate Appropriations committee.

SB 942 (California AI Transparency Act)

Summary: Among other provisions, the bill would require a covered provider (a business that provides generative AI systems with one million monthly users on average) to create an AI detection tool that a person could use to identify what text, image, video, audio, or multimedia content was created by the provider’s generative AI system. Additionally, a covered provider would be required to include a visible disclosure that content is AI-generated for any image, text, video, or multimedia content created by its system.

Current Status: The bill passed the Assembly Judiciary committee 9-1 in July. It had its first hearing in the Assembly Appropriations committee on August 7, where it was placed on the suspense file and scheduled for a second hearing on August 15.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David Stauss David Stauss

David routinely counsels clients on complying with privacy laws such as the EU’s General Data Protection Regulation, the California Consumer Privacy Act, the Colorado Privacy Act, and other state privacy laws. David is certified by the International Association of Privacy Professionals as…

David routinely counsels clients on complying with privacy laws such as the EU’s General Data Protection Regulation, the California Consumer Privacy Act, the Colorado Privacy Act, and other state privacy laws. David is certified by the International Association of Privacy Professionals as a Privacy Law Specialist, Certified Information Privacy Professional (US and EU), Certified Information Privacy Technologist, and Fellow of Information Privacy.

Photo of Owen Davis Owen Davis

Owen assists employers across industry sectors – from small businesses to Fortune 500 corporations – to identify changing workplace law at a local, state and federal level. He offers legal guidance on employment agreements, restrictive covenants, personnel policies and other human resources issues.

Owen assists employers across industry sectors – from small businesses to Fortune 500 corporations – to identify changing workplace law at a local, state and federal level. He offers legal guidance on employment agreements, restrictive covenants, personnel policies and other human resources issues. Owen also represents employers before state and federal courts as well as administrative agencies on matters related to discrimination, retaliation, harassment, and wage and hour violations.

Photo of Fred Sager Fred Sager

With a focus on client compliance, Fred uses his two years of experience as a data privacy professional to assist our clients and attorneys with keeping up with the ever-changing, fast-paced data privacy landscape.

He does so by drafting a myriad of data

With a focus on client compliance, Fred uses his two years of experience as a data privacy professional to assist our clients and attorneys with keeping up with the ever-changing, fast-paced data privacy landscape.

He does so by drafting a myriad of data privacy compliance documentation, including privacy policies, cookie policies, data processing agreements, data protection impact assessments, website checklists, and more. Fred also monitors, researches, and analyzes federal and state privacy legislation, judicial decisions, and regulatory proposals.

Fred is passionate about collaborating with our dedicated data privacy team to develop robust policies that prioritize privacy, mitigate risk, and ensure compliance with the constant-evolving consumer privacy laws.