(a) The department may establish a pilot program to evaluate the use of optional mobile or digital alternatives to driver’s licenses and identification cards, subject to all of the following requirements:
(1) Any pilot program established by the department pursuant to this subdivision shall be limited to both of the following:
(A) Persons who have voluntarily chosen to participate in the pilot program.
(B) No more than 5 percent of licensed drivers for the purpose of evaluation.
(2) A participant in any pilot program established by the department pursuant to this subdivision
may terminate their participation in the pilot program at any time, and may, upon termination, request the deletion of any data associated with their participation in the program. Within 10 days of any such request, the department and all entities contracted with the department for the purpose of effectuating the pilot program shall delete all data collected or maintained pursuant to the participant’s participation in the program.
(3) All participants shall receive both a physical and, if requested, an immutable and unique driver’s license or identification card.
(b) In developing and implementing the use of digital driver’s licenses and identification cards, the department shall ensure the protection of personal information and include security features that protect against unauthorized access to information, including, but not limited to, all of the following:
(1) Ensuring that any remote access to the digital driver’s license or identification card shall require the express, affirmative, real-time consent of the person whose digital driver’s license or identification card is being requested for each piece of information being requested, and shall be limited to only that information which is provided on a physical driver’s license or identification card.
(2) Ensuring that the digital driver’s license or identification card, as well as any mobile application required for the digital driver’s license or identification card, shall not contain or collect any information not strictly necessary for the functioning of the digital driver’s license, identification card, or mobile application, including, but not limited to, any information relating to movement or location.
(3) Ensuring
that the information transmitted to the digital driver’s license or identification card, as well as any mobile application required for the digital driver’s license or identification card, is encrypted and protected to the highest reasonable security standards broadly available, including ISO-18013-5, FIPS 140-3, and NIST 800-53 Moderate, and cannot be intercepted while being transmitted from the department.
(c) (1) In the conduct of any pilot program pursuant to this section, any data exchanged between the department and any electronic device, between the department and the provider of any electronic device, and between any electronic device and the provider of that electronic device, shall be limited to those data necessary to display the information necessary for a driver’s license or identification card.
(2) An entity contracted with the department for
this purpose shall not use, share, sell, or disclose any information obtained as part of this contract, including, but not limited to, any information about the holder of a digital driver’s license or identification card, except as is necessary to satisfy the terms of the contract. Upon termination or expiration of any contract entered into for this purpose, the contracting entity shall delete any data collected or generated in the course of activities pursuant to that contract within 30 days.
(d) (1) The holder of a digital driver’s license or identification card shall not be required to turn over their electronic device to any other person or entity in order to use the digital driver’s license or identification card for identity verification.
(2) The holder of a digital driver’s license or identification card showing or turning over their electronic device
to any other person or entity in order to use the digital driver’s license or identification card for identity verification shall not constitute consent to a search, nor shall it constitute consent for access to any information other than that which is immediately available on the digital driver’s license or identification card. Information incidentally obtained in the process of viewing a digital driver’s license or identification card in order to verify the identity of the holder shall not be used to establish probable cause for a warrant to search the electronic device.
(3) Any request for remote access to their digital driver’s license or identification card for identity verification shall require the express consent of the holder of the digital driver’s license or identification card, shall be limited to the content of the digital driver’s license or identification card specified in the request for remote access, and shall not exceed the
information available on a physical driver’s license or identification card.
(4) Consent to remote access to a digital driver’s license or identification card by the holder shall not constitute consent to a search, nor shall it constitute consent for access to any information other than that which is immediately available on the digital driver’s license or identification card. Information incidentally obtained in the process of remotely accessing a digital driver’s license or identification card shall not be used to establish probable cause for a warrant to search the electronic device.
(e) (1) A participant in any pilot program established by the department pursuant to this section shall not be required to use a digital driver’s license or identification card rather than a physical driver’s license or identification card for the purpose of identity
verification, nor shall their participation in the pilot program preclude their use of a physical driver’s license or identification card under any circumstances.
(2) A person or entity shall not provide preferential service based on a person’s use of a digital driver’s license or identification card rather than a physical driver’s license or identification card.
(f) The pilot program may include the issuance of mobile or digital Real ID driver’s license or identification cards upon authorization of the United States Secretary of Homeland Security.
(g) If the department conducts a pilot program authorized in subdivision (a), the department shall, no later than July 1, 2026, submit a report regarding the pilot program to the Legislature, in compliance with Section 9795 of the Government Code, to include, but not be
limited to, all of the following:
(1) A review of all products evaluated in the pilot program and of the features of those products. The report shall note any security features to protect against unauthorized access to information.
(2) Lessons learned from the pilot program with regards to the utility of a mobile driver’s license program, or risks and solutions related to the implementation of a mobile driver’s license program.
(3) Recommendations for subsequent actions, if any, that should be taken with regard to alternative options for digital driver’s licenses or identification cards evaluated in the pilot program.
(4) An estimate of the fiscal impact of the deployment of a mobile driver’s license program, including the estimated impact to the Motor
Vehicle Account established pursuant to Section 42271.
(h) As part of the 2022–23 budget, the department shall report to the Legislature on the status of the pilot program, including, but not limited to, all of the following:
(1) The scope of the pilot program, including pilot program goals and processes.
(2) The timeline for the pilot program.
(3) The fiscal impact of the pilot program.
(Amended by Stats. 2023, Ch. 54, Sec. 12. (SB 125) Effective July 10, 2023.)