The Confidentiality of Medical Information Act governs the disclosure of medical information by an employer, a provider of health care, a health care service plan, or a contractor, as those terms are defined. The California Consumer Privacy Act of 2018 (CCPA) authorizes a consumer to direct a business, as defined, that collects sensitive personal information about the consumer to limit its use of the consumer's sensitive personal information, as specified, and defines "sensitive personal information" to include personal information that reveals a consumer's neural data. The CCPA also authorizes a consumer to request that a business delete any personal information about the consumer which the business has collected from the consumer, as prescribed. The California Privacy Rights Act of 2020, approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA and establishes the California Privacy Protection Agency and vests the agency with full administrative power, authority, and jurisdiction to enforce the CCPA.
This bill would require, under the CCPA, a covered business to use neural data only for the purpose for which the neural data was collected and would require a covered business to delete neural data when the purpose for which the neural data was collected is accomplished. The bill would define "covered business" to mean a person who makes available a brain-computer interface to a person in this state and would define "brain-computer interface" to mean a system that allows direct communication and control between a person's brain and an external device.
This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020.

Statutes affected:
SB 44: 6404 FGC
12/05/24 - Introduced: 6404 FGC
03/05/25 - Amended Senate: 6404 FGC