Keypoint: The California legislature enters into the final week of its session with many bills still under consideration.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.

1. What’s New

As we enter the final week of the California legislative session, many of the bills we have been tracking are still alive. Overall, of the thirteen bills we have been tracking, one bill already became law (AB 3286), two bills died (AB 2877 and AB 1791), and the remaining ten bills are still under consideration. We provide the current status of these ten bills (all of which saw some movement last week) below. Keep in mind that, before final passage, a bill that is amended by the other chamber must return to its house of origin to concur in the amendments.

Turning first to privacy bill developments from last week, AB 3048 (opt-out preference signals) was amended on the Senate floor, read for a third time, and ordered to a second reading. Among other things, the amendment adds a January 1, 2026 operative date and provides a definition for “opt-out preference signal.”

AB 1949 (kids’ privacy) was ordered to a third reading in the Senate.

SB 1223 (neural data) was read for a third time, amended, and ordered to a third reading. The changes appear to be non-substantive.

AB 1008 (personal information and AI systems) was read for a third time, amended, and ordered to a second reading. It appears that the bill was amended to add the neural data provisions from SB 1223.

AB 1824 (recognition of prior opt-outs in M&A deals) was read for a third time, amended, and ordered to a second reading. According to the legislative description, the bill was amended to incorporate changes from AB 1949 (kids’ privacy) that would be operative only if both bills are enacted and AB 1824 is enacted last.

Turning to AI-related bill developments from last week, AB 2930 (algorithmic discrimination) was read for a second time and ordered to a third reading.

SB 1047 (“Safe and Secure Innovation for Frontier Artificial Intelligence Act”) was read for a third time, amended, and ordered to a third reading. The amendments appear to be limited to the composition of the Board of Frontier Models.

AB 3211 (provenance, authenticity and watermarking standards) was read for a second time, amended, and ordered returned for a second reading. Among other changes, the amendments lowered the administrative fines that are available for violations.

On August 19, AB 2013 (AI training data transparency) was read for a third time, amended, and ordered to a second reading. On August 20, the bill was read for a second time and ordered to a third reading. The amendments appear to have narrowed the bill to generative artificial intelligence.

On August 21, AB 2885 (definition of AI) was read for a third time, amended, and ordered to a second reading. On August 22, the bill was read for a second time and ordered to a third reading. It appears the amendment removed provisions unrelated to AI.

Finally, SB 942 (California AI Transparency Act) was read for a third time, amended, and ordered to a third reading.

2. Summary and Current Status of Bills

Privacy Bill Developments

AB 2877 (Use of Personal Information with AI)

Summary: The bill amends the CCPA to prohibit a developer from using a consumer’s personal information to train or fine-tune an artificial intelligence system or service unless the consumer or the consumer’s parent or guardian has affirmatively authorized such use.

Current Status: The bill died in the Senate.

AB 3048 (Opt-Out Preference Signals)

Summary: The bill prohibits businesses from developing or maintaining a browser that does not include a setting that enables a consumer to send an opt-out preference signal to a business with which the consumer interacts through the browser. The bill also prohibits businesses from developing or maintaining a mobile operating system through which a consumer interacts with a business that does not include a setting that enables the consumer to send an opt-out preference signal to that business.

Current Status: On August 23, the bill was read for a third time, amended, and ordered to a second reading.

AB 1949 (Kids’ Privacy)

Summary: The bill amends the CCPA to prohibit businesses from collecting, selling, sharing, using or disclosing the personal information of kids ages 13 to 17 without the kid’s consent or, for children under 13, without parental/guardian consent. A business must have actual knowledge that the consumer is below 18 or 13. A business that willfully disregards the consumer’s age is deemed to have actual knowledge. In addition, a business must treat a consumer as under 18 years of age if the consumer, through a platform, technology, or mechanism, transmits a signal indicating that the consumer is less than 18 years of age.

Current Status: On August 19, the bill was ordered to a third reading in the Senate.

SB 1223 (Neural Data)

Summary: The bill amends the CCPA’s definition of sensitive personal information to include neural data.

Current Status: On August 22, the bill was read for a third time, amended, and ordered to a third reading.

AB 1008 (Personal Information and AI Systems)

Summary: The bill amends the CCPA to specify that personal information can exist in various formats, including artificial intelligence systems that are capable of outputting personal information. As explained in the CPPA’s position paper written by Deputy Director of Policy & Legislation Maureen Mahoney: “[T]his bill seeks to underscore that personal information that exists in AI systems is still personal information, and therefore subject to existing CCPA obligations on businesses, such as data minimization, and the requirement to respond to consumer requests to access, delete, correct, and stop the sale/sharing of their personal information.”

Current Status: On August 23, the bill was read for a third time, amended, and ordered to a second reading.

AB 1824 (Recognition of Prior Opt-Outs in M&A Deals)

Summary: The bill amends the CCPA to require a business to which another business transfers the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the transferee assumes control of all or part of the transferor to comply with a consumer’s opt-out direction to the transferor.

Current Status: On August 22, the bill was read for a third time, amended, and ordered to a second reading.

AB 3286 (Monetary Thresholds)

Summary: The bill authorizes the California Privacy Protection Agency to make changes to certain CCPA monetary thresholds. The bill also makes changes to the CCPA’s consumer privacy fund.

Current Status: Signed into law on July 15.

AI Bill Developments

AB 2930 (Algorithmic Discrimination)

Summary: The bill would have minimized algorithmic discrimination in a manner similar to Colorado’s recently passed CAIA by broadly prohibiting deployers and developers of automated decision tools from using these tools or making such tools available that result in algorithmic discrimination. On August 15, the bill was amended to narrow the bill to apply only to certain employment decisions (e.g., hiring or termination) and to no longer apply to the state government’s use of AI systems. 

Current Status: On August 19, the bill was read a second time and ordered to a third reading.

SB 1047 (“Safe and Secure Innovation for Frontier Artificial Intelligence Act”)

Summary: The bill would implement standards for the largest and most powerful AI models. 

Current Status: On August 22, the bill was read for a third time, amended, and ordered to a third reading.

AB 3211 (Provenance, Authenticity and Watermarking Standards)

Summary: Among other provisions, the bill would require generative AI system providers to: (1) place watermarks containing provenance data into their AI generated content; (2) provide public tools or services that can determine whether a piece of content was created by the provider’s generative AI system; (3) conduct regular “red-teaming exercises” to test whether watermarks can be easily removed or fabricated; (4) publicly disclose the discovery of any vulnerability or failure in their generative AI system; and (5) make certain disclosures to users of the developer’s “conversational AI systems.” 

Current Status: On August 23, the bill was read for a second time, amended and ordered returned for a second reading.

AB 1791 (Digital Content Provenance for Social Media Platforms)

Summary: The bill would require social media platforms to redact personal provenance data from content uploaded by a user but prohibit platforms from redacting system provenance data from such content (with exceptions).

Current Status: The bill died in the Senate.

AB 2013 (AI Training Data Transparency)

Summary: The bill would require developers of AI systems or services to post a high-level summary of the datasets used in the development of the system or service on their website, with certain details described in the bill. The bill would also require developers to disclose whether the system uses “synthetic data generation.”

Current Status: On August 19, the bill was read for a third time, amended, and ordered to a second reading. On August 20, the bill was read for a second time and ordered to a third reading.

AB 2885 (Definition of AI)

Summary: The bill would incorporate a new definition of “artificial intelligence” into existing California law.

Current Status: On August 21, the bill was read for a third time, amended, and ordered to a second reading. On August 22, the bill was read for a second time and ordered to a third reading.

SB 942 (California AI Transparency Act)

Summary: Among other provisions, the bill would require a covered provider (a business that provides generative AI systems with one million monthly users on average) to create an AI detection tool that a person could use to identify what text, image, video, audio, or multimedia content was created by the provider’s generative AI system. Additionally, a covered provider would be required to include a visible disclosure that content is AI-generated for any image, text, video, or multimedia content created by its system.

Current Status: On August 23, the bill was read for a third time, amended, and ordered to a third reading.

David Stauss

David routinely counsels clients on complying with privacy laws such as the EU’s General Data Protection Regulation, the California Consumer Privacy Act, the Colorado Privacy Act, and other state privacy laws. David is certified by the International Association of Privacy Professionals as a Privacy Law Specialist, Certified Information Privacy Professional (US and EU), Certified Information Privacy Technologist, and Fellow of Information Privacy.

Owen Davis

Owen assists employers across industry sectors – from small businesses to Fortune 500 corporations – to identify changing workplace law at a local, state and federal level. He offers legal guidance on employment agreements, restrictive covenants, personnel policies and other human resources issues. Owen also represents employers before state and federal courts as well as administrative agencies on matters related to discrimination, retaliation, harassment, and wage and hour violations.

Fred Sager

With a focus on client compliance, Fred uses his two years of experience as a data privacy professional to assist our clients and attorneys with keeping up with the ever-changing, fast-paced data privacy landscape.

He does so by drafting a myriad of data privacy compliance documentation, including privacy policies, cookie policies, data processing agreements, data protection impact assessments, website checklists, and more. Fred also monitors, researches, and analyzes federal and state privacy legislation, judicial decisions, and regulatory proposals.

Fred is passionate about collaborating with our dedicated data privacy team to develop robust policies that prioritize privacy, mitigate risk, and ensure compliance with the constantly evolving consumer privacy laws.