(1) Existing law, the California Consumer Privacy Act of 2018 (CCPA) , grants a consumer various rights with respect to personal information, as defined, that is collected or sold by a business, as defined, including the right to direct a business that collects sensitive personal information about the consumer to limit its use, as prescribed. Existing law defines "sensitive personal information" to mean, among other things, personal information that reveals a consumer's precise geolocation. Existing law, the California Privacy Rights Act of 2020, approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA.
This bill would prohibit a covered entity from collecting or processing the location information of an individual unless doing so is necessary to provide goods or services requested by that individual. The bill would impose various other restrictions on covered entities with regard to location information. The bill would define various terms for purposes of these provisions, including "location information" to mean information that pertains to or directly or indirectly reveals the present or past geographical location of an individual or device, as specified.
This bill would require a covered entity to prominently display, at the point where location information is being captured, a notice to individuals stating that their location information is being collected, the name of the covered entity and service provider collecting the information, and a phone number and an internet website where the individual can obtain more information. The bill would require a covered entity to maintain and make available to the data subject a location privacy policy that includes specified information on data usage and management and is subject to a specified notice procedure.
This bill would make a covered entity that violates these provisions liable for actual damages suffered by a person denied a right under these provisions and other specified relief. The bill would authorize the Attorney General or other public prosecutors to bring an action against a covered entity that violates these provisions.
This bill would require a business, as defined by the CCPA, to comply with the above-described provisions.
(2) Existing law, the Information Practices Act of 1977, prescribes a set of requirements, prohibitions, and remedies applicable to agencies, as defined, with regard to their collection, storage, and disclosure of personal information, as defined.
This bill would prohibit a state or local agency, including an agency as defined under the Information Practices Act, from monetizing, as defined, location information. By imposing new requirements on local agencies, this bill would impose a state-mandated local program.
(3) The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.
(4) The California Consumer Privacy Act of 2020 authorizes the Legislature to amend the act to further the purposes and intent of the act by a majority vote of both houses of the Legislature, as specified.
This bill would declare that its provisions further the purposes and intent of the California Privacy Rights Act of 2020.
Statutes affected: 04/10/25 - Amended Assembly: 1798.100 CIV, 1798.100 CIV, 1798.121 CIV, 1798.121 CIV