BILL ANALYSIS

           ----------------------------------------------------------------- 
          |SENATE RULES COMMITTEE            |                       SB 1348|
          |Office of Senate Floor Analyses   |                              |
          |1020 N Street, Suite 524          |                              |
          |(916) 651-1520         Fax: (916) |                              |
          |327-4478                          |                              |
           ----------------------------------------------------------------- 
           
                                           
                                    THIRD READING


          Bill No:  SB 1348
          Author:   DeSaulnier (D)
          Amended:  4/29/14
          Vote:     21

           
           SENATE JUDICIARY COMMITTEE  :  4-2, 4/22/14
          AYES:  Jackson, Corbett, Lara, Leno
          NOES:  Anderson, Vidak
          NO VOTE RECORDED:  Monning


           SUBJECT  :    Online data brokers:  sale of personal information:   
          notice

           SOURCE  :     Author


           DIGEST  :    This bill requires online data brokers to allow  
          subject individuals to review or correct their personal  
          information and request that the information be permanently  
          removed from an online data broker's database.  Upon receiving a  
          request to have personal information removed, an online data  
          broker is prohibited from transferring the subject individual's  
          personal information to any other party, and must remove the  
          information from all websites under its ownership or control  
          within 10 days.  This bill also prohibits an online data broker  
          from charging a fee to a subject individual who elects to review  
          or remove his/her personal information from the broker's  
          database, and also allows aggrieved individuals to recover  
          either actual or statutory damages ($1,000 per violation) for  
          violations of the bill's requirements.

           ANALYSIS  :    Existing federal law, the Gramm-Leach-Bliley Act,  
          permits financial institutions to share nonpublic customer  
          information with non-affiliated third parties, unless the  
          consumer "opts out" of such disclosure.  The Act requires  
          privacy statements to be disclosed by financial institutions and  
          restricts their ability to disclose non-public personal  
          information about consumers to third parties.

          Existing state law:

          1.Provides that, among other rights, all people have an  
            inalienable right to pursue and obtain privacy. 

          2.Requires an operator of a commercial Web site or online  
            service that collects personally identifiable information  
            through the Internet about individual consumers residing in  
            California who use or visit its Web site to conspicuously post  
            its privacy policy. 

          3.Requires a business with an established business relationship  
            with a customer that has, within the preceding calendar year,  
            disclosed specified personal information about the customer to  
            third parties for direct marketing purposes to, after the  
            receipt of a written request, disclose to the customer free of  
            charge the categories of personal information disclosed to  
            third parties for direct marketing purposes, the names and  
            addresses of all third parties that received the personal  
            information, and, if not reasonably discernable by the name,  
            examples of the products or services marketed by the third  
            parties. 

          Existing case law permits a person to bring an action in tort  
          for an invasion of privacy and provides that in order to state a  
          claim for violation of the constitutional right to privacy, a  
          plaintiff must establish the following three elements:  (1) a  
          legally protected privacy interest; (2) a reasonable expectation  
          of privacy in the circumstances; and (3) conduct by the  
          defendant that constitutes a serious invasion of privacy.  (Hill  
          v. National Collegiate Athletic Assn. (1994) 7 Cal.4th 1.)   
          Existing law recognizes four types of activities considered to  
          be an invasion of privacy giving rise to civil liability,  
          including the public disclosure of private facts.  

          This bill:

          1.Provides that an online data broker that sells, or offers for  
            sale, personal information of any resident of California to a  
            third party must permit a subject individual to either of the  
            following:

             A.   Review his/her personal information that has been  
               collected, assembled, or maintained by the online data  
               broker, either by submitting a written request or by means  
               of an electronic search through a secure online system.

             B.   Correct his/her personal information that has been  
               collected, assembled, or maintained by the online data  
               broker, either by submitting a written request or by  
               correcting the information by means of a secure online  
               system.

          1.Provides that unless prohibited by state or federal law, an  
            online data broker must conspicuously post an opt-out notice  
            on its Internet Web site, which shall include specific  
            instructions for permanently removing personal information  
            from the online data broker's database, by making a written  
            demand requesting to have the information removed.  This bill  
            further provides that if a subject individual makes a written  
            demand to remove his or her personal information from an  
            online data broker's database, the online data broker must  
            permanently remove the subject individual's personal  
            information from its database.
          
          2.Provides that, unless prohibited by state or federal law, an  
            online data broker that receives a written demand from a  
            subject individual must remove the individual's personal  
            information from public display on the Internet within 10 days  
            of delivery of the written demand, and shall ensure that this  
            information is not reposted on the same Internet Web site, a  
            subsidiary site, or any other Internet Web site owned,  
            controlled, or maintained by the online data broker receiving  
            the written demand.  This bill further provides that after  
            receiving a subject individual's written demand, the online  
            data broker must not transfer the subject individual's  
            personal information to any other person, business, or  
            association through any other medium.

          3.States that any additional information collected by an online  
            data broker to confirm the identity of a subject individual  
            who has made a written request to remove his/her personal  
            information from a database will be deleted after the identity  
            of the subject individual has been confirmed, and will not be  
            used for any other purpose.

          4.States that it is unlawful for an online data broker to  
            solicit or accept the payment of a fee or other consideration  
            to review or permanently remove personal information from the  
            online data broker's database, and would provide that each  
            payment solicited or accepted in violation of this bill  
            constitutes a separate violation.

          5.Provides that in addition to any other sanction, penalty, or  
            remedy provided by law, a subject individual may bring a civil  
            action in any court of competent jurisdiction against any  
            person in violation of this chapter for damages in an amount  
            equal to the greater of one thousand dollars ($1,000) per  
            violation or the actual damages suffered by the subject  
            individual as a result, along with costs, reasonable  
            attorney's fees, and any other legal or equitable relief.

          6.Provides that its provisions will only apply to personal  
            information that is collected, assembled, or maintained by an  
            online data broker after January 1, 2015, but, notwithstanding  
            this limitation, will also apply to information collected,  
            assembled, or maintained by an online data broker prior to  
            January 1, 2015, if the data broker collected, assembled, or  
            maintained the information in violation of any law or  
            regulation.

          7.Defines the following terms:

             A.   "Online data broker" means a commercial entity that  
               collects, assembles, or maintains personal information  
               concerning individuals residing in California who are not  
               customers or employees of that entity, for the purposes of  
               selling the personal information over the Internet to a  
               third party.

             B.   "Personal information" means any information that  
               identifies, relates to, describes, or is capable of being  
               associated with, a particular individual, including, but  
               not limited to, his or her name, signature, social security  
               number, physical characteristics or description, address,  
               telephone number, passport number, driver's license or  
               state identification card number, insurance policy number,  
               education, employment, employment history, bank account  
               number, credit card number, debit card number, or any other  
               financial information, medical information, or health  
               insurance information.  "Personal information" does not  
               include information that is lawfully made available to the  
               general public from federal, state, or local government  
               records.

             C.   "Subject individual" means the person to whom personal  
               information pertains.

           Background
           
          The advent of inexpensive computer storage and the increased  
          power and sophistication of computer processing technology have  
          unleashed a revolution in data acquisition and analysis in just  
          about every field.  "Algorithms that predict stock-price  
          movements have transformed Wall Street," and "[a]lgorithms that  
          chomp through our Web histories have transformed marketing."   
          (Peck, They're Watching You at Work (Dec. 2013) The Atlantic  
          (as of April 10, 2014).)  "The range and depth of information  
          that's routinely captured about how we behave" has also greatly  
          increased in recent years.  (Id.)  "Ordinary people at work and  
          at home generate much of this data, by sending e-mails, browsing  
          the Internet, using social media, working on crowd-sourced  
          projects, and more," and according to one estimate "more than 98  
          percent of the world's information is now stored digitally, and  
          the volume of that data has quadrupled since 2007."  (Id.)  "By  
          combining the power of modern computing with the plentiful data  
          of the digital era," data analytics "promises to solve virtually  
          any problem - crime, public health, the evolution of grammar,  
          the perils of dating - just by crunching the numbers."  (Marcus  
          and Davis, Eight (No, Nine!) Problems With Big Data (Apr. 6,  
          2104) New York Times  (as of April 10,  
          2014).)

          The growth of data acquisition and analysis in the marketing  
          economy has been no less revolutionary.  Where they were once  
          limited to customer lists and basic information contained in  
          public records (e.g. mailing addresses, property tax records,  
          etc.) and sales records (e.g. credit card purchase histories),  
          companies and marketing firms can now collect, analyze, package,  
          and sell precise information about individuals across a wide  
          range of data points.  According to one analyst, with the help of  
          new technology, companies in the marketing economy are now able  
          to:

               collect and sell information to marketers on everything  
               from your marital status, whether you might be pregnant or  
               have a newborn, have cancer, are trying to lose weight, are  
               gay or straight, how much you make, what credit cards you  
               use, your lines of credit, where you live, what your house  
               cost, what kind of car you drive or if you might be looking  
               to buy a new one, your race, occupation, political  
               leanings, education level, have one or more children in  
               college, have pets to what your hobbies are and more, much  
               more.  (Armerding, Data Brokers' Collection of Internet  
               Activity Data Raises Privacy Issues (Nov. 7, 2013) CSO  
               Online  (as of April 10, 2014).)

          Indeed, one marketing company claims that it "has, on average,  
          1,500 pieces of information on more than 200 million Americans."  
           (Kroft, The Data Brokers: Selling Your Personal Information  
          (Mar. 9, 2014) CBS News  (as of April 10, 2014).)  The data marketing economy has  
          also swelled in economic impact, contributing as much as $156  
          billion annually to the national economy, according to a recent  
          industry report.  (See Deighton and Johnson, The Value of Data:  
          Consequences for Insight, Innovation, and Efficiency in the U.S.  
          Economy (2013).)

          Some marketing companies and other participants in the data  
          industry, colloquially known as "data brokers," aggregate and  
          sell large volumes of information from their databases to third  
          parties over the internet without the direct knowledge or  
          consent of the individuals to whom the data pertains ("subject  
          individuals").  Several organizations have publicly raised  
          privacy concerns over the practice of buying and selling  
          personal information over the Internet without the subject  
          individual's knowledge or consent.  One recent news article  
          describes the potentially sensitive nature of the personal  
          information offered for sale by online data brokers:

          We were able to go online and find all sorts of companies  
          peddling sensitive personalized information.  A Connecticut data  
          broker called "Statlistics" advertises lists of gay and lesbian  
          adults and "Response Solutions" -- people suffering from bipolar  
          disorder.  "Paramount Lists" operates out of Erie, Pa., and  
          offers lists of people with alcohol, sexual and gambling  
          addictions and people desperate to get out of debt.  A Chicago  
          company, "Exact Data," is brokering the names of people who had  
          a sexually transmitted disease, as well as lists of people who  
          have purchased adult material and sex toys.  (Kroft, The Data  
          Brokers: Selling Your Personal Information (Mar. 9, 2014) CBS  
          News (as of April 10, 2014).)  

           FISCAL EFFECT  :    Appropriation:  No   Fiscal Com.:  No   Local:  
           No

           SUPPORT  :   (Verified  4/29/14)

          Privacy Rights Clearinghouse

           OPPOSITION  :    (Verified  4/29/14)

          California Association of Licensed Investigators
          Direct Marketing Association

           ARGUMENTS IN SUPPORT  :    According to the author, "Current law  
          requires [W]ebsites that collect private information to disclose  
          their privacy policy in a conspicuously available place, as  
          defined in Business & Professions Code Section 222575.  However,  
          current law means that consumers are implicitly agreeing to the  
          terms of the privacy policy simply by visiting the [W]ebsite,  
          regardless of whether they even visit the privacy policy page.   
          Consumers do not have the ability to modify or opt out of  
          privacy policies.  Further, consumers do not have an awareness  
          of what personal information data brokers possess, sell or  
          otherwise share with third parties.

          "68 [percent] of US internet users feel that current laws are  
          not good enough in protecting people's privacy online, and that  
          86 [percent] of users have taken steps online to remove or mask  
          their digital footprint.  SB 1348 seeks to update the California  
          laws to reflect the consumer's right to personal privacy in an  
          evolving online landscape."

           ARGUMENTS IN OPPOSITION  :    The California Association of  
          Licensed Investigators argues that the bill could "prevent  
          effective investigations that are critical to safety of  
          individuals at their homes and in their workplaces, as well as  
          the ability of businesses to fight workers' compensation fraud  
          and combat counterfeit products, among other important  
          investigations."   
           
          AL:nl  4/29/14   Senate Floor Analyses 

                           SUPPORT/OPPOSITION:  SEE ABOVE

                                   ****  END  ****