The Path Forward on Privacy Issues Remains Hazy with One Month Remaining for the State Legislature

By Brett Johnson
July 25, 2019

On July 9th, the California Senate Judiciary Committee, which is chaired by Senator Hannah Beth Jackson (D-Santa Barbara), heard eight different bills amending the California Consumer Privacy Act of 2018 (CCPA), six of which passed. The hearing lasted roughly 12 hours and was contentious throughout. The Chair soundly rejected much of the arguments put forth by the business community regarding needed amendments to the CCPA, and, as a result, a number of key amendments were either defeated or significantly watered down.

With only a month of working days remaining for the California Legislature, a number of obstacles and sources of substantial legal exposure in the CCPA remain in place. A number of the concerns specific to the life sciences industry were addressed last year by Senate Bill 1121 (Dodd), which exempted from the CCPA much of the medical information and clinical trial research data used by the life sciences industry, though broader concerns remain for some.

A summary and the outcome on a number of the key bills of importance heard in committee are below:

  • AB 25 (Chau) – Employment data fix (Passed): Passed unanimously after Chau agreed to amendments to remove opposition from organized labor. The amendments add a one-year sunset on the employment data fix and keep the personal information of employees, contractors, job applicants, owners, directors, officers, and medical staff members, including their respective emergency contacts, subject to the CCPA’s disclosure rights and to the private right of action for data security breaches.
  • AB 384 (Chau) – Digital health feedback systems (Passed): This bill deems businesses that offer personal health record software or hardware to customers as “providers of health care” under the California Confidentiality of Medical Information Act (CMIA). This bill was formerly known as the “digital pill bill.”
  • AB 846 (Burke) Loyalty programs (Passed): Passed unanimously after Assemblymember Autumn Burke agreed to amendments proposed on the spot by the Chair. The amendments restrict all selling of information gathered as part of a loyalty program (unclear as to the extent to which this applies only to personal information). Amendments also struck the “functionality” language, which exempted from the CCPA nondiscrimination provisions the offering by businesses of specific goods or services where the functionality is directly related to the collection, use, or sale of the consumer’s data.
  • AB 873 (Irwin) Deidentified data (Failed): This bill would have clarified the scope of “deidentified” data under the CCPA, specifically excluding deidentified or aggregate consumer information from the definition of personal information. The author and business community rejected hostile amendments proposed by the Senate Judiciary Committee, and the bill ultimately failed 3-3.
  • AB 874 (Irwin) Publicly available information (Passed): This bill clarifies the definition of “publicly available” information in the CCPA to address potential First Amendment issues. Passed unanimously off the consent calendar.
  • AB 1416 (Cooley) Collection and disclosure of personal information (Dead): This bill would have ensured that businesses could share the personal information of consumers with government agencies solely for carrying out a government program and that businesses could sell consumer personal information, even if the consumer opted out, for fraud prevention purposes. Due to insufficient votes to pass the bill, Assemblyman Cooley pulled it from the agenda, and it is consequently dead for the year.

Any CLSA members who would like to provide input or would like further information on any of the efforts to amend the CCPA discussed above or CLSA’s engagement on the issue are asked to reach out to Oliver Rocroi, CLSA’s Senior Director, State Government Affairs ( or Brett Johnson, CLSA’s Senior Director, Policy & Regulatory Affairs (