Bill Text

Bill Information


PDF |Add To My Favorites |Track Bill | print page

AB-2414 Mobile applications: recordable information: privacy.(2019-2020)

SHARE THIS:share this bill in Facebookshare this bill in Twitter
Date Published: 02/18/2020 09:00 PM
AB2414:v99#DOCUMENT


CALIFORNIA LEGISLATURE— 2019–2020 REGULAR SESSION

Assembly Bill
No. 2414


Introduced by Assembly Member Chau

February 18, 2020


An act to amend Section 22577 of, and to add Section 22575.1 to, the Business and Professions Code, relating to privacy.


LEGISLATIVE COUNSEL'S DIGEST


AB 2414, as introduced, Chau. Mobile applications: recordable information: privacy.
Existing law, the California Consumer Privacy Act of 2018, grants a consumer various rights with regard to the consumer’s personal information that is held by a business, including the right to know what personal information is collected by a business, to have personal information held by that business deleted, and to direct a business to not sell the consumer’s personal information, as specified.
Existing law requires an operator of a commercial website or online service that collects personally identifiable information through the internet, about individual consumers residing in California who use or visit its commercial internet website or online service, to make a privacy policy available to consumers and to include specified information relating to the collection of personally identifiable information within that privacy policy.
This bill would require the operator of a mobile application to provide clear and conspicuous notice that fully informs consumers when, how, and why their recordable information, defined to include visual, audio, or geolocation information, will be collected, used, and shared upon installation of the application. The bill would require the operator of a mobile application to obtain consent before collecting or using recordable information and to obtain separate consent before disclosing that information.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 22575.1 is added to the Business and Professions Code, to read:

22575.1.
 (a) An operator of a mobile application shall provide clear and conspicuous notice that fully informs a consumer when, how, and why the consumer’s recordable information will be collected, used, and shared upon installation of the application.
(b) An operator of a mobile application shall obtain a user’s affirmative express consent before collecting or using the user’s recordable information. The operator shall separately obtain the user’s affirmative express consent before disclosing the user’s recordable information.

SEC. 2.

 Section 22577 of the Business and Professions Code is amended to read:

22577.
 For the purposes of this chapter, the following definitions apply:
(a) The term “personally identifiable information” means individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form, including any of the following:
(1) A first and last name.
(2) A home or other physical address, including street name and name of a city or town.
(3) An e-mail email address.
(4) A telephone number.
(5) A social security number.
(6) Any other identifier that permits the physical or online contacting of a specific individual.
(7) Information concerning a user that the Web site internet website or online service collects online from the user and maintains in personally identifiable form in combination with an identifier described in this subdivision.
(b) The term “conspicuously post” with respect to a privacy policy shall include posting the privacy policy through any of the following:
(1) A Web page on the internet website on which the actual privacy policy is posted if the Web page is the homepage or first significant page after entering the Web site. internet website.
(2) An icon that hyperlinks to a Web page on the internet website on which the actual privacy policy is posted, if the icon is located on the homepage or the first significant page after entering the Web site, internet website, and if the icon contains the word “privacy.” The icon shall also use a color that contrasts with the background color of the Web page or is otherwise distinguishable.
(3) A text link that hyperlinks to a Web page on the internet website on which the actual privacy policy is posted, if the text link is located on the homepage or first significant page after entering the Web site, internet website and if the text link does one of the following:
(A) Includes the word “privacy.”
(B) Is written in capital letters equal to or greater in size than the surrounding text.
(C) Is written in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language.
(4) Any other functional hyperlink that is so displayed that a reasonable person would notice it.
(5) In the case of an online service, any other reasonably accessible means of making the privacy policy available for consumers of the online service.
(c) The term “operator” means any person or entity that owns a Web site located on the Internet an internet website or an online service, including a mobile application, that collects and maintains personally identifiable information from a consumer residing in California who uses or visits the Web site internet website or online service if the Web site internet website or online service is operated for commercial purposes. It does not include any third party that operates, hosts, or manages, but does not own, a Web site an internet website or online service on the owner’s behalf or by processing information on behalf of the owner.
(d) The term “consumer” means any individual who seeks or acquires, by purchase or lease, any goods, services, money, or credit for personal, family, or household purposes.
(e) The term “recordable information” means information that is capable of being recorded by the device on which the mobile application operates, including, but not limited to, audio or visual information collected by a camera or microphone and geolocation information.
(f) The term “geolocation information” means information that can be used to identify the physical location of an electronic device or its user.