Keypoint: Of the ten privacy- and AI-related bills passed by the California legislature in the 2024 legislative session, Governor Newsom signed seven into law and vetoed three by the September 30 deadline.

Throughout the 2024 legislative session, we have been tracking numerous privacy- and AI-related bills pending in California. Ten of those bills passed the state legislature before the legislative session ended on August 31 (nine of which passed in the final week of August). Governor Newsom had a deadline of September 30 to sign or veto the bills that passed. Of the ten total bills, he signed seven into law and vetoed three bills. Those seven bills scheduled to go into effect consist of four laws related to privacy and three laws related to AI.

The below article provides a summary of the ten bills that Governor Newsom either signed into law or vetoed.

Keypoint: The California legislature closed its 2024 session by passing five privacy-related bills and four AI-related bills.

On Saturday, August 31, the California legislature closed its 2024 session. During the past calendar year, we tracked numerous privacy and AI-related bills with fourteen of them passing out of their chamber of origin prior to the legislative deadline. For the past month, we have been tracking thirteen of those bills with weekly updates (the fourteenth bill already having passed through the legislature). Of the six privacy-related bills we have been tracking, five ultimately passed the legislature during the final week of the session. Four of the seven AI-related bills also passed. 

The below article first provides a summary of the bills that passed during the final week of the session. The article then provides an overview of all fourteen bills.

Keypoint: The California legislature enters into the final week of its session with many bills still under consideration.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.

Keypoint: The appellate court ruled that the California Age-Appropriate Design Code Act’s impact assessment provision is unconstitutional and remanded the case back to the trial court to consider the constitutionality of the other challenged provisions.

On August 16, the Ninth Circuit Court of Appeals issued an opinion in NetChoice v. Bonta on the constitutionality of California’s Age-Appropriate Design Code Act (AADC). The appellate court affirmed the district court’s decision in part and vacated it in part. The appellate court affirmed the district court’s ruling that NetChoice was likely to succeed in showing that the AADC’s data protection impact assessment requirement violates the First Amendment. Based on that ruling, the appellate court affirmed the district court’s decision to enjoin enforcement of that requirement. The appellate court vacated the remainder of the district court’s ruling, determining that it is unclear from the record whether the remaining provisions of the AADC challenged by NetChoice violate the First Amendment. The appellate court remanded the case to the district court to consider the constitutionality of those provisions and whether the law’s unconstitutional provisions are severable from the remainder of the law.

In the below article, we provide an overview and analysis of the Ninth Circuit’s ruling.

Keypoint: Last week, several privacy and AI bills passed out of committee (with some receiving amendments) while two bills died in committee.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.

Keypoint: Last week, the California legislature returned from its summer recess and began moving forward with privacy and AI legislation prior to the August 31 session closing date.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.

Keypoint: The California legislature has many pending privacy and AI-related bills to consider before it closes on August 31.

The California legislature left for its summer recess on July 3 and will reconvene on August 5. Once it returns, the legislature will have twenty-six days to pass bills before it recesses for the year on August 31.

In the below article, we identify and briefly summarize the pending privacy and AI bills and where they stand in the legislative process. The bills cover a wide range of topics, including kid’s privacy, opt-out preference signals, neural data, and algorithmic discrimination. All together, we are tracking fourteen bills, one of which was signed into law on July 15. The remaining thirteen bills all passed through their chamber of origin prior to the May 24 deadline and are at various stages of consideration in the opposite chamber.

Keypoint: The California legislature is considering several bills that, if passed, would add to the nation’s emerging legal patchwork governing the use of artificial intelligence.

In mid-May, Colorado Governor Jared Polis signed the Colorado Artificial Intelligence Act (CAIA) into law, making Colorado the first state to enact legislation governing the use of high-risk artificial intelligence systems. Earlier this year, Utah enacted SB 149, which creates limited obligations for private sector companies deploying generative artificial intelligence, including disclosing its use.

The California legislature is currently considering seven AI-related bills that, if passed, would add to the growing patchwork of state AI laws. All of these bills have passed their chamber of origin and are currently being considered by the opposite chamber. While many state legislatures have already closed for the year, California’s legislative session does not end until August 31, 2024, meaning that there is still time for California to pass one or more bills.

In the below article, we briefly summarize these bills (as they are currently drafted) and identify their current status. We previously discussed four of these bills in our April 25 AI Legislation Update.

Keypoint: Last week, the FTC signaled an increased focus on COPPA enforcement, targeting education technology companies while California and federal lawmakers consider enacting new laws to regulate the processing of children’s data.

Over the past few months there has been a growing bipartisan consensus among lawmakers and regulators of the need for increased regulation around the processing of children’s data. In a sign of the significance of the issue, President Biden specifically addressed children’s data privacy in his State of the Union Address. As discussed below, recent actions by the Federal Trade Commission (the “Commission”) and lawmakers signal that companies processing children’s data should expect to see increased scrutiny.

Key Point: California AG Becerra’s investigation into security flaws in the Glow fertility app results in a settlement agreement that resembles recent enforcement agreements in New York but is also unique in requiring the app’s developer to consider gender-specific concerns within its privacy-by-design principles.

“When you meet with your doctor or healthcare provider in person, you know that your sensitive information is protected. It should be no different when you use healthcare apps over the internet,” according to California’s Attorney General Becerra. The consequences of not having the appropriate data protections? It means “a digital disclosure of your private medical records is instantaneously and eternally available to the world” per Becerra.

For these reasons, especially in the new era of telemedicine, developers of medical applications (health app) understand that consumers’ privacy and security must be protected. “Excuses are not an option,” Becerra warns. California’s settlement agreement with Upward Labs Holdings, Inc. (Upward Labs) and its subsidiary Glow, Inc. (Glow), is an example that Becerra’s warning should not be ignored.