Recent Online Privacy Legislation In California

—updated February 19, 2016

Each year, the California Legislature considers policy changes affecting consumer privacy. This page summarizes some recently enacted online privacy bills.


SB 178 (Leno) The California Electronic Communications Privacy Act: Requires law enforcement to obtain a search warrant, wiretap order or similar authority in order to obtain information from smartphones and other electronic devices without the owner’s consent.

AB 1116 (Committee on Privacy and Consumer Protection) Internet-connected televisions: Prohibits a person who is providing the initial setup of a “smart TV” from enabling the device’s voice recognition feature without prominently informing the consumer. Further prohibits any actual recordings collected through the voice recognition feature from being sold or used for advertising purposes.


AB 1442 (Gatto) Pupils’ social media information and retention: Requires a school district that gathers and maintains information about students from social media to notify the students and their parents; it also limits the information that can be collected and requires that it be destroyed when no longer needed.

AB 1710 (Dickinson) Personal information – privacy: Requires a business responsible for a data breach of their customers’ personal information to notify its customers and offer identity theft prevention services at no cost for at least 12 months.

AB 2667 (Bloom) Privacy and rent-to-own electronics: This CFC-sponsored legislation prohibits the use of monitoring technologies – spyware – on rented electronic devices such as computers, and restricts the use of a unit’s GPS tracking technologies solely to prevention of fraud; read more in CFC’s bill blog.

SB 1177 (Steinberg) Student privacy: Prohibits operators of websites and other online services from using a student’s personal information for purposes that are not school related, such as targeted advertising, student profiles, and disclosure, sale or use of a student’s covered information; requires deletion of a student’s covered information under the control of a local educational agency at the agency’s request.


AB 370 (Muratsuchi) Online tracking transparency: Requires a website or online service to disclose in its privacy policy whether it complies with a user’s Web browser signal or similar request to disable online tracking.

AB 658 (Calderon) Disclosure of personal information: Closes a loophole in the existing protection of Confidentiality of Medical Information Act rules, extending the act’s protections to mobile apps for medical purposes; read more in CFC’s bill blog.

AB 1149 (Campos) Identity theft: Helps to stop identity theft by requiring all local government agencies to notify their workers and constituents if their electronic data has been hacked, as the state and the private sector are already required to do; read more in CFC’s bill blog.

AB 1274 (Bradford) Privacy of personal utility data: Requires the California Public Utilities Commission to establish cybersecurity standards and protocols for a “smart grid” home area network device that communicates electrical or gas consumption data. The bill also requires utilities to give consumers educational materials about cybersecurity on the smart grid.

SB 46 (Corbett) Privacy of personal information: Strengthens computer account privacy protections by requiring the state and businesses operating in California to provide real-time notification when there is reason to believe someone may have obtained a California resident’s password, username or answers to security questions. Facilitates immediate changes to restrict access and prevents or limits financial losses and theft of personal data; read more in CFC’s bill blog.

SB 568 (Steinberg) Internet behavior by minors:  Restricts websites from advertising products that minors cannot legally purchase in the State of California.


Read more: