BILL ANALYSIS �Ó
AB 2799
Page 1
CONCURRENCE IN SENATE AMENDMENTS
AB
2799 (Chau)
As Amended June 21, 2016
Majority vote
--------------------------------------------------------------------
|ASSEMBLY: |78-0 |(May 12, 2016) |SENATE: | 39-0 |(August 23, |
| | | | | |2016) |
| | | | | | |
| | | | | | |
--------------------------------------------------------------------
Original Committee Reference: P. & C.P.
SUMMARY: Prohibits operators of Internet Web sites, online
services, and mobile apps that are designed, marketed and used
primarily for prekindergarten and preschool pupils, from using
data about those pupils for targeting, marketing or profiling,
and prohibits selling or disclosing a pupil's information with
limited exceptions.
The Senate amendments make technical and clarifying changes.
EXISTING LAW:
1)Establishes the Student Online Privacy Protection Act
(SOPIPA), which prohibits an operator of a Web site, online
service, online application, or mobile application from
knowingly engaging in targeted advertising to students or
�
AB 2799
Page 2
their parents or legal guardians using covered information, as
defined, amassing a profile of a K-12 student, selling a
student's information, or disclosing covered information, as
provided. (Business and Professions Code Section (BPC)
22584-85)
2)Defines an "Operator" as the operator of a Web site, online
service, online application, or mobile application with actual
knowledge that the site, service, or application is used
primarily for K-12 school purposes and was designed and
marketed for K-12 school purposes. (BPC 22584(a))
3)Requires an Operator of a commercial Web site or online
service that collects personally identifiable information
through the Internet about individual consumers residing in
California who use or visit its Web site to conspicuously post
its privacy policy. (BPC 22575)
4)Protects, pursuant to the federal Family Educational Rights
and Privacy Act (FERPA), the confidentiality of educational
records (and personally identifiable information contained
therein) by prohibiting the funding of schools that permit the
release of those records. It applies to all schools that
receive funds under an applicable program of the United States
(U.S.) Department of Education. Generally, schools must have
written permission from the parent or eligible student in
order to release any information from a student's education
record. FERPA's prohibition only applies to the school itself
and contains various exemptions where the data may be released
without the written consent of the parents. (20 United States
Code Section (U.S.C.) 1232g(b)(1))
5)Prohibits, pursuant to the federal Children's Online Privacy
Protection Act of 1998, an Operator of a Web site or online
service directed to pupils under the age of 13 from collecting
personal information from a pupil, including a pupil's first
and last name, home or other physical address including street
name and name of a city or town, e-mail address, telephone
�
AB 2799
Page 3
number, or Social Security number. (5 U.S.C. 6501-6505)
FISCAL EFFECT: None. This bill is keyed non-fiscal by the
Legislative Counsel.
COMMENTS: In 2014, California became the national leader on
student privacy protections with the unanimous passage of SB
1177 (Steinberg), Chapter 839, known as SOPIPA. SOPIPA went
into effect on January 1, 2016, and mandates privacy and data
security requirements on Web sites, online services, and mobile
apps that are designed, marketed and used primarily for K-12
students.
SOPIPA was passed in response to the massive amounts of
sensitive student data that online educational products and
services were collecting about students, including academic
performance, health records, and personal interests. However,
SOPIPA only applies to K-12 students, leaving younger children
in preschool and pre-kindergarten classrooms without the same
privacy protections, despite the fact that many were using
educational technology.
This bill, dubbed the "Early Learning Personal Information
Protection Act," is modeled on SOPIPA and expands the same
privacy and data security requirements that exist today for K-12
oriented Web sites, online services, and mobile apps to those
designed primarily for prekindergarten and preschool pupils.
The major provisions of this bill would:
1)Prohibit using pupils' personal information for targeted
advertising;
2)Prohibit using pupils' personal information for profiling
(except for school purposes);
�
AB 2799
Page 4
3)Prohibit selling pupils' personal information;
4)Prohibit disclosing pupils' personal information (with limited
exceptions to permit site functionality or as required by
law);
5)Require reasonable data security for the pupils' information;
and
6)Require companies to delete pupils' information upon the
school's request.
Analysis Prepared by:
Jennie Bretschneider / P. & C.P. / (916)
319-2200
FN: 0003608