Just when the conversation about privacy legislation had shifted to the bills recently introduced by Sen. John Kerry and Rep. Cliff Stearns, California State Senator Alan Lowenthal has recaptured the headlines by amending his “Do Not Track” bill  (S.B. 761) to include a sweeping prohibition against selling, sharing or transferring consumer information. 

Lowenthal’s bill would require the California attorney general to adopt regulations requiring entities doing business in California to:

  • Disclose the business’s practices concerning the collection, use, and storage of “covered information” (a broad term that includes individuals’ online activities, personally identifiable information, and “any unique or substantially unique identifier, such as a customer number or [IP] address”) ;
  • Disclose how the entity uses or discloses that information;
  • Disclose “the names of persons to whom the entity would disclose that information”; and
  • Provide a consumer with a method to opt out of the collection or use of any covered information by the entity.

Amendments introduced Monday would prohibit any entity doing business in California from selling, sharing, or transferring a consumer’s “covered information” (a broad term that includes a consumer’s online activities and personal information).  The new provision states simply that “[n]otwithstanding any other provision of law and to the extent consistent with federal law, no covered entity shall sell, share, or transfer a consumer’s covered information.” 

The bill provides a private right of action–and a statutory damages remedy–against entities that willfully fail to comply with its requirements. 

As we’ve previously noted, S.B. 761 was met with strong opposition from industry when it was introduced earlier this month.  With these new amendments, we expect opposition to grow even stronger.  A hearing is scheduled for May 3.  Inside Privacy will keep you up to speed on this bill’s progress.