Data broker registration: data collection.

Senator Becker's data broker legislation expands California's registration requirements for companies that collect and sell consumer information. Under the measure, data brokers must now disclose whether they collect sensitive personal data including login credentials, government ID numbers, citizenship status, union membership, sexual orientation, gender identity, and biometric information.

The bill requires data brokers to report annually on whether they have shared or sold consumer data to foreign governments and businesses, federal agencies, other state governments, law enforcement, or artificial intelligence system developers. Data brokers must also maintain a webpage explaining how consumers can exercise their privacy rights, including deleting or correcting personal information and opting out of data sales. The California Privacy Protection Agency can levy fines of $200 per day for registration violations and $200 per deletion request for companies that fail to remove consumer data as required.

Beginning in 2029, data brokers must indicate whether they have completed privacy audits and submitted reports to state regulators. The measure defines foreign actors as governments of other countries and organizations based outside the United States, while AI system developers include any entity that designs, codes, or substantially modifies artificial intelligence models. All penalties collected will fund the Data Brokers' Registry to offset administrative and enforcement costs.