Calif. Senate OKs Bill Targeting Online Data Brokers
by Erin Coe, Law 360
A measure that would rein in how consumers’ personal data posted on commercial websites is bought, sold and traded to unregulated third parties cleared the California Senate on Thursday, May 8.
In a 24-8 vote, the state Senate floor approved S.B. 1348, which is being carried by state Sen. Mark DeSaulnier, D-Concord. The legislation would require online data brokers that sell personal information to third parties to allow California residents to opt-out of the sale and public posting of their data upon request.
The bill now moves on to the California Assembly for review.
“Too often, unregulated data brokers are buying, selling and trading the personal information of Californians – raising privacy and safety concerns,” DeSaulnier said in a statement. “S.B. 1348 allows individuals to maintain their constitutional right to personal privacy by giving them the option to opt out of their personal information being displayed or sold online.”
The Privacy Rights Clearinghouse and the American Civil Liberties Union are backing the bill. But the measure has drawn opposition from several groups, including the California Association of Licensed Investigators, the California Chamber of Commerce, the California Restaurant Association, Reed Elsevier PLC and the Direct Marketing Association.
The licensed investigators group claims that the bill could prevent effective investigations that are important for the safety of people in their homes and workplaces, as well as impede the ability of businesses to fight workers’ compensation fraud and combat counterfeit products.
Under the bill, a consumer would be able to review the personal information a data broker owns and could request that it be permanently removed from the broker’s database. The broker would have to remove personal information, including Social Security numbers, financial and medical information, and physical characteristics and descriptions, within 10 days if asked to do so by the individual.
The data broker also would be blocked from reposting personal information or transferring it to another business entity, according to the measure.
S.B. 1348 would make it unlawful for a data broker to solicit or accept a fee to remove personal information from its database. The bill further proposes to allow an individual to bring a civil action against a data broker in violation of the measure and seek damages of $1,000 per violation or actual damages, costs and reasonable attorneys’ fees. The bill seeks to cover data collected by brokers on and after Jan. 1, 2015.
Other bills that deal with consumer data and privacy issues moving through the Legislature include:
– AB2200 by Assembly Speaker John Perez, D-Los Angeles, would create a cybersecurity commission of government and business officials to make recommendations for the Legislature and agencies about how to respond to cyber attacks and protect personal data. The bill is before the Assembly Appropriations Committee.
– AB1442 by Assemblyman Mike Gatto, D-Los Angeles, seeks to restrict the use of student information on social media by school districts, county offices of education and charter schools. The bill requires schools to gather only information that is publicly accessible, give students the opportunity to delete or correct data, destroy records after a certain time and notify parents and guardians of the program. The bill is headed to an Assembly floor vote.
– SB1177 by Senate President Pro Tem Darrell Steinberg, D-Sacramento, is a student privacy bill that seeks to ban the use of student data for commercial use, require providers to use data for school purposes only and ban the sale of student personal information to advertisers and third parties. It heads to the Assembly after passing the Senate.
– SB1348 by Sen. Mark DeSaulnier, D-Concord, would require an opt-out provision for online data brokers who sell information, such as medical conditions and shopping behavior, to remove people’s data from websites and databases. It heads to the Assembly after passing the Senate.
– SB383 by Sen. Hannah-Beth Jackson, D-Santa Barbara, requires online merchants to delete a customer’s address and zip code from records when the information is no longer necessary for fraud detection or for the sale. Apple and other companies successfully pushed for its defeat in 2013, but it passed the Senate after an amendment narrowed the bill’s scope.