Keypoint: Last week, several privacy and AI bills passed out of committee (with some receiving amendments) while two bills died in committee.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.

1. What’s New

With the August 31 legislature closure date drawing near, we saw significant activity last week with many of the bills we are tracking.

Turning first to privacy bill developments, AB 1949 passed out of the Senate Appropriations committee by a 4-1 vote. The bill amends the CCPA to prohibit businesses from collecting, selling, sharing, using or disclosing the personal information of kid’s ages 13 to 17 without the kid’s consent or, for children under 13, without parental/guardian consent. 

On August 12, SB 1223 (neural data), was ordered to a third reading in the Assembly where it is scheduled for a vote on August 19.

Conversely, AB 2877 died in committee. The bill would have amended the CCPA to prohibit a developer from using a consumer’s personal information to train or fine-tune an AI system or service without affirmative consent.

Turning next to AI bill developments, AB 2930 passed out of the Senate Appropriations committee on August 15 but not before undergoing a significant amendment. Prior to the amendment, the bill was similar in kind to the Colorado AI Act insofar as it would have minimized algorithmic discrimination in a variety of settings, including education, employment, healthcare, and financial services. The amendment narrows the bill to apply only to certain employment decisions (e.g., hiring or termination), makes the bill no longer apply to the state government’s use of AI systems, and narrows enforcement only to the Civil Rights Department. The bill is currently scheduled for a second reading on August 19.

An amended version of SB 1047 passed out of the Assembly Appropriations committee on August 15. The bill would implement standards for the largest and most powerful AI models. The amendments changed reporting and auditing requirements and narrowed the scope of the cloud compute provisions. It is scheduled for a second reading on the Assembly floor on August 19.

AB 3211 also passed out of the Senate Appropriations committee on August 15. The bill concerns provenance, authenticity and watermarking standards. It is scheduled for a second reading on the Senate floor on August 19.

An amended version of SB 942 passed out of the Assembly Appropriations committee on August 15. Among other provisions, the bill would require a covered provider (a business that provides generative AI systems with one million monthly users on average) to create an AI detection tool that a person could use to identify what text, image, video, audio, or multimedia content was created by the provider’s generative AI system. The bill was amended to delay its implementation in order to make technical changes. It is scheduled for a second reading on the Assembly floor on August 19.

Finally, AB 1791 died in committee. The bill would have required social media platforms to redact personal provenance data from content uploaded by a user but prohibit platforms from redacting system provenance data from such content (with exceptions).

2. Summary and Current Status of Bills

Privacy Bill Developments

AB 2877 (Use of Personal Information with AI)

Summary: The bill amends the CCPA to prohibit a developer from using a consumer’s personal information to train or fine-tune an artificial intelligence system or service unless the consumer or the consumer’s parent or guardian has affirmatively authorized such use.

Current Status: The bill was read in the August 5 hearing where it was placed on the suspense file after receiving an endorsement from Common Sense Media. It was scheduled to be heard in the August 15 hearing, but was held in committee – meaning that the committee has decided not to move forward on the bill. In an August 16 press release, the California Chamber of Commerce reported that the bill is dead.

AB 1949 (Kid’s Privacy)

Summary: The bill amends the CCPA to prohibit businesses from collecting, selling, sharing, using or disclosing the personal information of kid’s ages 13 to 17 without the kid’s consent or, for children under 13, without parental/guardian consent. A business must have actual knowledge that the consumer is below 18 or 13. A business that willfully disregards the consumer’s age is deemed to have actual knowledge. In addition, a business must treat a consumer as under 18 years of age if the consumer, through a platform, technology, or mechanism, transmits a signal indicating that the consumer is less than 18 years of age.

Current Status: The bill was read for a second time in the Senate Appropriations committee on August 5 and placed on the suspense file. It passed the committee on August 15 by a vote of 4-1.

SB 1223 (Neural Data)

Summary: The bill amends the CCPA’s definition of sensitive personal information to include neural data.

Current Status: The bill unanimously passed the Assembly Appropriations committee on August 7 and was ordered to the consent calendar. It is scheduled for a third reading on the Assembly floor on August 19.

AB 3286 (Monetary Thresholds)

Summary: The bill authorizes the California Privacy Protection Agency to make changes to certain CCPA monetary thresholds. The bill also makes changes to the CCPA’s consumer privacy fund.

Current Status: Signed into law on July 15.

AI Bill Developments

AB 2930 (Algorithmic Discrimination)

Summary: The bill would have minimized algorithmic discrimination in a manner similar to Colorado’s recently passed CAIA by broadly prohibiting deployers and developers of automated decision tools from using these tools or making such tools available that result in algorithmic discrimination. On August 15, the bill was amended to narrow the bill to apply only to certain employment decisions (e.g., hiring or termination) and to no longer apply to the state government’s use of AI systems. 

Current Status: The bill was read during the August 5 hearing and moved to the suspense file after facing opposition from the Electronic Frontier Foundation and the American Staffing Association. On August 15, the Senate Appropriations committee passed a significantly amended version, which will “delete all requirements for state and local agencies to provide for enforcement by the Civil Rights Division only, and to narrow the scope of the bill to employment.” It was ordered returned and is scheduled for a second reading.

SB 1047 (“Safe and Secure Innovation for Frontier Artificial Intelligence Act”)

Summary: The bill would implement standards for the largest and most powerful AI models. 

Current Status: The bill was read during an Assembly Appropriations committee hearing on August 7 and placed on the suspense file. On August 15, it was passed by the committee with amendments to change “reporting and auditing requirements, and to narrow the scope of the cloud compute provisions.” It is scheduled for a second reading on the Assembly floor on August 19.

AB 3211 (Provenance, Authenticity and Watermarking Standards)

Summary: Among other provisions, the bill would require generative AI system providers to: (1) place watermarks containing provenance data into their AI generated content; (2) provide public tools or services that can determine whether a piece of content was created by the provider’s generative AI system; (3) conduct regular “red-teaming exercises” to test whether watermarks can be easily removed or fabricated; (4) publicly disclose the discovery of any vulnerability or failure in their generative AI system; and (5) make certain disclosures to users of the developer’s “conversational AI systems.” 

Current Status: The bill was heard in the Senate Appropriations committee on August 5 where it was placed on the suspense file before receiving opposition from the Department of Finance and endorsements from the City and County of San Francisco Board of Supervisors and a concerned citizen. On August 15, it passed the committee with a vote of 4-2 via a substitute roll call for AB 2739 with Republicans voting no. It is scheduled for a second reading on the Senate floor on August 19.

AB 1791 (Digital Content Provenance for Social Media Platforms)

Summary: The bill would require social media platforms to redact personal provenance data from content uploaded by a user but prohibit platforms from redacting system provenance data from such content (with exceptions).

Current Status: The Senate Appropriations committee referred the bill to the suspense file on July 1. It was scheduled for a committee hearing on August 15 but was held in committee. According to the California Chamber of Commerce, the bill is dead.

SB 942 (California AI Transparency Act)

Summary: Among other provisions, the bill would require a covered provider (a business that provides generative AI systems with one million monthly users on average) to create an AI detection tool that a person could use to identify what text, image, video, audio, or multimedia content was created by the provider’s generative AI system. Additionally, a covered provider would be required to include a visible disclosure that content is AI-generated for any image, text, video, or multimedia content created by its system.

Current Status: The bill had its first hearing in the Assembly Appropriations committee on August 7, where it was placed on the suspense file. It passed the committee on August 15 unanimously with no votes recorded by Republicans on the committee. It was also amended to delay its implementation in order to make technical changes. It is scheduled for a second reading on the Assembly floor on August 19.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of David Stauss David Stauss

David routinely counsels clients on complying with privacy laws such as the EU’s General Data Protection Regulation, the California Consumer Privacy Act, the Colorado Privacy Act, and other state privacy laws. David is certified by the International Association of Privacy Professionals as…

David routinely counsels clients on complying with privacy laws such as the EU’s General Data Protection Regulation, the California Consumer Privacy Act, the Colorado Privacy Act, and other state privacy laws. David is certified by the International Association of Privacy Professionals as a Privacy Law Specialist, Certified Information Privacy Professional (US and EU), Certified Information Privacy Technologist, and Fellow of Information Privacy.

Photo of Owen Davis Owen Davis

Owen assists employers across industry sectors – from small businesses to Fortune 500 corporations – to identify changing workplace law at a local, state and federal level. He offers legal guidance on employment agreements, restrictive covenants, personnel policies and other human resources issues.

Owen assists employers across industry sectors – from small businesses to Fortune 500 corporations – to identify changing workplace law at a local, state and federal level. He offers legal guidance on employment agreements, restrictive covenants, personnel policies and other human resources issues. Owen also represents employers before state and federal courts as well as administrative agencies on matters related to discrimination, retaliation, harassment, and wage and hour violations.

Photo of Fred Sager Fred Sager

With a focus on client compliance, Fred uses his two years of experience as a data privacy professional to assist our clients and attorneys with keeping up with the ever-changing, fast-paced data privacy landscape.

He does so by drafting a myriad of data

With a focus on client compliance, Fred uses his two years of experience as a data privacy professional to assist our clients and attorneys with keeping up with the ever-changing, fast-paced data privacy landscape.

He does so by drafting a myriad of data privacy compliance documentation, including privacy policies, cookie policies, data processing agreements, data protection impact assessments, website checklists, and more. Fred also monitors, researches, and analyzes federal and state privacy legislation, judicial decisions, and regulatory proposals.

Fred is passionate about collaborating with our dedicated data privacy team to develop robust policies that prioritize privacy, mitigate risk, and ensure compliance with the constant-evolving consumer privacy laws.