Data broker registration: data collection.
- Expands data broker reporting requirements to include sensitive personal data collection and sharing practices.
- Requires data brokers to disclose if they share data with foreign actors, governments, or AI developers.
- Imposes daily fines of $200 for data brokers who fail to register or comply with deletion requests.
- Mandates data brokers to provide clear website instructions for consumers to exercise privacy rights.
Senator Becker's data broker legislation expands California's registration requirements for companies that collect and sell consumer information. Under the measure, data brokers must now disclose whether they collect sensitive personal data including login credentials, government ID numbers, citizenship status, union membership, sexual orientation, gender identity, and biometric information.
The bill requires data brokers to report annually on whether they have shared or sold consumer data to foreign governments and businesses, federal agencies, other state governments, law enforcement, or artificial intelligence system developers. Data brokers must also maintain a webpage explaining how consumers can exercise their privacy rights, including deleting or correcting personal information and opting out of data sales. The California Privacy Protection Agency can levy fines of $200 per day for registration violations and $200 per deletion request for companies that fail to remove consumer data as required.
Beginning in 2029, data brokers must indicate whether they have completed privacy audits and submitted reports to state regulators. The measure defines foreign actors as governments of other countries and organizations based outside the United States, while AI system developers include any entity that designs, codes, or substantially modifies artificial intelligence models. All penalties collected will fund the Data Brokers' Registry to offset administrative and enforcement costs.
 Joaquin ArambulaD Assemblymember | Committee Member |  Not Contacted | |
 Buffy WicksD Assemblymember | Committee Member | Not Contacted | |
 Josh BeckerD Senator | Bill Author | Not Contacted | |
 Lisa CalderonD Assemblymember | Committee Member | Not Contacted | |
 Mike FongD Assemblymember | Committee Member | Not Contacted |
| Bill Number | Title | Introduced Date | Status | Link to Bill |
|---|---|---|---|---|
SB-362 | Data broker registration: accessible deletion mechanism. | February 2023 | Passed |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 15 | 0 | 0 | 15 | PASS |
- Expands data broker reporting requirements to include sensitive personal data collection and sharing practices.
- Requires data brokers to disclose if they share data with foreign actors, governments, or AI developers.
- Imposes daily fines of $200 for data brokers who fail to register or comply with deletion requests.
- Mandates data brokers to provide clear website instructions for consumers to exercise privacy rights.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Senator Becker's data broker legislation expands California's registration requirements for companies that collect and sell consumer information. Under the measure, data brokers must now disclose whether they collect sensitive personal data including login credentials, government ID numbers, citizenship status, union membership, sexual orientation, gender identity, and biometric information.
The bill requires data brokers to report annually on whether they have shared or sold consumer data to foreign governments and businesses, federal agencies, other state governments, law enforcement, or artificial intelligence system developers. Data brokers must also maintain a webpage explaining how consumers can exercise their privacy rights, including deleting or correcting personal information and opting out of data sales. The California Privacy Protection Agency can levy fines of $200 per day for registration violations and $200 per deletion request for companies that fail to remove consumer data as required.
Beginning in 2029, data brokers must indicate whether they have completed privacy audits and submitted reports to state regulators. The measure defines foreign actors as governments of other countries and organizations based outside the United States, while AI system developers include any entity that designs, codes, or substantially modifies artificial intelligence models. All penalties collected will fund the Data Brokers' Registry to offset administrative and enforcement costs.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 15 | 0 | 0 | 15 | PASS |
Joaquin ArambulaD Assemblymember | Committee Member | Not Contacted | |
Buffy WicksD Assemblymember | Committee Member | Not Contacted | |
Josh BeckerD Senator | Bill Author | Not Contacted | |
Lisa CalderonD Assemblymember | Committee Member | Not Contacted | |
Mike FongD Assemblymember | Committee Member | Not Contacted |
| Bill Number | Title | Introduced Date | Status | Link to Bill |
|---|---|---|---|---|
SB-362 | Data broker registration: accessible deletion mechanism. | February 2023 | Passed |