Key point: The California legislature is currently considering several privacy-related bills that could impact the private sector.
The California legislature is currently in its summer recess, returning on August 18. Once it returns, it will have approximately five weeks to pass bills prior to closing for the year on September 12.
We are currently tracking 23 private sector AI-related bills and eight privacy-related bills that crossed chambers at the legislature’s deadline. If passed and signed into law, these bills could significantly impact companies doing business in California.
In this two-part series, we provide a brief summary of the bills and their current status. This article focuses on the privacy bills. Our prior article focused on the AI bills. Once the legislature reconvenes, we will provide regular updates on the status of the bills. If you are not already subscribed to this blog, we encourage you to do so to stay up to date.
AB 322 (Precise Geolocation Information)
The bill adds to the California Consumer Privacy Act (CCPA) to require companies that collect precise geolocation information to notify consumers and not retain the information for longer than is necessary to provide the goods or services requested by the consumer or one year after the consumer’s last interaction with the business, whichever is earlier. Businesses also cannot sell, trade, or lease to a third party and are limited in their disclosure of such information to government entities.
Current Status: The bill passed the Senate Judiciary Committee on July 15 by an 11-2 vote. It is now with the Appropriations Committee where it is scheduled for an August 18 hearing.
AB 302 (Data Brokers: Elected Officials and Judges)
The bill charges the California Privacy Protection Agency with obtaining lists of elected officials and judges and uploading those lists to the accessible deletion mechanism under the state’s data broker law. Entities would then have five days to delete the information. The bill creates a private right of action.
Current Status: The bill passed the Senate Judiciary Committee on July 15 by an 11-0 vote (2 nonvoting). It is now with the Appropriations Committee where it is scheduled for an August 18 hearing.
AB-1043 (Age Verification Signals)
This bill requires covered manufacturers to provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store. It also requires covered manufacturers to provide developers with a digital signal via a real-time API regarding whether a user is in any of several age brackets.
Current Status: The bill unanimously passed the Senate Judiciary Committee on July 15 and was referred to the Appropriations Committee where it is scheduled for an August 18 hearing.
AB 566 (Opt-Out Preference Signal)
The bill prohibits businesses from developing or maintaining a browser or browser engine that does not include a setting that enables a consumer to send an opt-out preference signal.
Current Status: The bill was ordered to a third reading in the Senate.
SB 361 (Data broker registration: data collection)
The bill amends the state’s data broker law to require data brokers to provide the California Privacy Protection Agency with additional information about their data collection activities, including whether they collect sensitive data such as biometric data and precise geolocation. Data brokers also would be required to disclose whether they shared or sold consumers’ data to a foreign actor, the federal government, other state governments, law enforcement, or a developer of an AI system or model.
Current Status: The bill was ordered to a third reading in the Assembly.
SB 435 (Sensitive Personal Information)
The bill amends the CCPA to remove the provision stating that sensitive personal information that is publicly available is not considered sensitive personal information or personal information.
Current Status: The bill failed to pass out of the Assembly Privacy & Consumer Protection Committee on July 16. However, the bill sponsor indicated that she will work with opponents on revising the bill. Opponents have raised concerns that the bill violates the First Amendment.
SB 690 (CIPA Amendment)
The bill amends the California Invasion of Privacy Act to address the avalanche of cookie and pixel litigation lawsuits.
Current Status: The bill passed the Assembly Public Safety Committee on July 1 and was referred to the Privacy & Consumer Protection Committee. However, the bill’s sponsor indicated that the bill will not advance further this year and will be revisited next session.
SB 354 (Insurance Consumer Privacy Protection Act of 2025)
This bill creates new standards for the collection, processing, retaining, and sharing of consumers’ personal information by insurance licensees and their third-party service providers.
Current Status: The bill passed the Senate in early June and was referred to the Assembly committees on Insurance and Privacy & Consumer Protection. It has not been set for a committee hearing.
