Privacy Update: New Developments to Proposed CCPA Amendments
There have been developments in the following five proposed amendments to the California Consumer Privacy Act (CCPA).
- AB 2004 Regarding Medical Test Results Verification Credentials: Amendments on May 12 made significant changes to the bill text. The amendment authorizes issuers of COVID-19 test results or other medical test results, including issuers that are public entities, to use verifiable credentials, as defined by the World Wide Web Consortium (W3C), for the purpose of providing test results to individuals.
- AB 2261 Regarding Facial Recognition Technology: May 12 amendments require a controller using a facial recognition service to make decisions that produce legal (or similarly significant) effects concerning individuals to ensure that those decisions are subject to meaningful human review. Such meaningful human review means review by trained individuals who are responsible for decisions based, in whole or in part, on the output of a facial recognition service. AB 2261 additionally has other requirements on facial recognition technology that remain unchanged. These include individual rights to confirm if a controller has enrolled an image or a facial template of that individual, the right to correct or challenge a decision to enroll an image or a facial template of that individual, and the right to withdraw consent to enroll an image or a facial template used in facial recognition services in a public space.
- AB 3116 Regarding Mobility Devices: This bill requires mobility service operators to share aggregated and deidentified trip data (GPS, addresses, and times of routes traveled) with public agencies upon request for transportation planning and safety purposes. A mobility device is any transportation device or vehicle, including but not limited to, a bicycle, electric bicycle, electric scooter, autonomous vehicle, vehicle utilized on an online-enabled application or platform of a transportation network company, or any other device that can be moved in any public area.
- SB 980 Regarding DNA or Illness Testing Companies: This bill establishes the Genetic Information Privacy Act, which would prohibit a direct-to-consumer genetic or illness testing services company from disclosing a person’s genetic information to a third party without obtaining the person’s prior written consent. The bill would impose civil and criminal penalties for a violation of those provisions, such as a fine not to exceed $10,000, imprisonment in a county jail up to 6 months, or both a fine and imprisonment. This bill is set for hearing on May 22, 2020.
- SB 1371 Regarding Maintenance of the Codes: This bill is set for hearing on May 22, 2020. It proposes non-substantive grammatical revisions to CCPA sections 1798.140 and 1798.145.