Keypoint: The California legislature closed its 2024 session by passing five privacy-related bills and four AI-related bills.

On Saturday, August 31, the California legislature closed its 2024 session. During the past calendar year, we tracked numerous privacy and AI-related bills with fourteen of them passing out of their chamber of origin prior to the legislative deadline. For the past month, we have been tracking thirteen of those bills with weekly updates (the fourteenth bill already having passed through the legislature). Of the six privacy-related bills we have been tracking, five ultimately passed the legislature during the final week of the session. Four of the seven AI-related bills also passed. 

The below article first provides a summary of the bills that passed during the final week of the session. The article then provides an overview of all fourteen bills.Continue Reading California Privacy and AI Legislation Update: September 2, 2024

Keypoint: The California legislature enters into the final week of its session with many bills still under consideration.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.Continue Reading California Privacy and AI Legislation Update: August 26, 2024

Keypoint: Last week, several privacy and AI bills passed out of committee (with some receiving amendments) while two bills died in committee.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.Continue Reading California Privacy and AI Legislation Update: August 19, 2024

Keypoint: Last week, the California legislature returned from its summer recess and began moving forward with privacy and AI legislation prior to the August 31 session closing date.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.Continue Reading California Privacy and AI Legislation Update: August 12, 2024

Keypoint: The California legislature has many pending privacy and AI-related bills to consider before it closes on August 31.

The California legislature left for its summer recess on July 3 and will reconvene on August 5. Once it returns, the legislature will have twenty-six days to pass bills before it recesses for the year on August 31.

In the below article, we identify and briefly summarize the pending privacy and AI bills and where they stand in the legislative process. The bills cover a wide range of topics, including kid’s privacy, opt-out preference signals, neural data, and algorithmic discrimination. All together, we are tracking fourteen bills, one of which was signed into law on July 15. The remaining thirteen bills all passed through their chamber of origin prior to the May 24 deadline and are at various stages of consideration in the opposite chamber.Continue Reading California Privacy and AI Legislation Update: July 22, 2024

Keypoint: The settlement, which includes a $500,000 fine and injunctive relief, arises out of alleged violations of the CCPA’s children’s privacy provisions and COPPA.

On June 18, 2024, the California Attorney General announced it had reached a settlement with an online gaming company, resolving allegations that the company violated the California Consumer Privacy Act (CCPA) and federal Children’s Online Privacy Protection Act (COPPA) “by collecting and sharing children’s data without parental consent in their popular mobile app game ‘SpongeBob: Krusty Cook-Off.’” The Attorney General’s complaint and settlement were pursued in connection with the Los Angeles City Attorney’s office.

In the below article we provide a brief overview of the settlement.Continue Reading California Attorney General Announces Third Public CCPA Enforcement Settlement

Keypoint: In only its second public enforcement settlement, the California Attorney General announced a $375,000 fine along with injunctive relief.

On February 21, 2024, the California Attorney General announced that it had reached a settlement with a company, resolving allegations that the company violated the California Consumer Privacy Act (CCPA) and California Online Privacy Protection Act (CalOPPA). This is only the second time the Attorney General’s office has publicly announced a settlement. In August 2022, the office announced a settlement over allegations that a company failed to disclose that it was selling consumers’ personal information and failed to process opt-out requests via user-enabled global privacy controls.

In announcing the enforcement action, Attorney General Bonta stated “I hope today’s settlement serves as a wakeup call to businesses: The CCPA has been in effect for over four years now, and businesses must comply with this important privacy law. Violations cannot be cured, and my office will hold businesses accountable if they sell data without protecting consumers’ rights.”

In the below article we provide a brief overview of the settlement.Continue Reading California Attorney General Announces Second Public CCPA Enforcement Settlement

Keypoint: Based on the appellate court’s ruling, the new CCPA regulations are enforceable immediately instead of on March 29, 2024.

On February 9, 2024, a three-judge panel of the California Court of Appeals issued an order overruling a California trial court decision and holding that the new CCPA regulations approved by the Office of Administrative

Keypoint: The Agency proposed more revisions to the CCPA regulations for consideration at the December 8 board meeting.

On December 1, 2023, the California Privacy Protection Agency (Agency) published proposed revisions to the CCPA regulations as well as a chart explaining the proposed modifications. The draft regulations were released in connection with the Agency’s December 8 board meeting. Importantly, the draft revisions are only intended to facilitate Board discussion and public participation. The Agency has not yet started formal rulemaking.

The Board now has six sets of draft regulations to discuss at its December 8 meeting: (1) cybersecurity audits, (2) automated decisionmaking technology, (3) risk assessments, (4) revisions to the CCPA regulations, (5) insurance, and (6) data broker registry fee.

The revisions to the CCPA regulations come even though the Agency cannot yet enforce its first set of revisions to the CCPA regulations. The Agency finalized those regulations on March 29, 2023, but a trial court delayed enforcement until March 29, 2024, finding that the CCPA requires a twelve-month delay in enforcement after finalization.

The below article provides a brief overview of some of the more notable proposed revisions.Continue Reading CPPA Publishes Proposed Revisions to CCPA Regulations

Keypoint: The California Privacy Protection Agency continued its rulemaking efforts by releasing draft automated decisionmaking technology regulations although the Agency has yet to initiate the formal rulemaking process.

On November 27, 2023, the California Privacy Protection Agency (Agency) published draft automated decisionmaking technology regulations as well as revised draft risk assessment regulations. The draft regulations were released in connection with the Agency’s December 8 board meeting. Importantly, the draft regulations are only intended to facilitate Board discussion and public participation. The Agency has not yet started formal rulemaking.

This article focuses on how the two draft regulations address automated decisionmaking technology (ADMT). The risk assessment regulations contain additional provisions that are not addressed herein. In addition, given that these are only draft regulations, this article only provides a high-level summary and some takeaways. It does not provide an exhaustive analysis of the draft regulations.Continue Reading CPPA Publishes Draft Automated Decisionmaking Technology (AI) Regulations