Skip to main content

California Update: Governor Signs One Privacy Bill and Vetoes Another

California Governor Gavin Newsom has signed Assembly Bill 1281 (discussed here) to extend the California Consumer Privacy Act (CCPA) “exemptions” for business-to-business (B2B) and employee personal information.  The exemption was headed for a sunset on December 31, 2020 without legislative action, and this extension will continue through the end of 2022.   AB 1281 also has a provision that it will only take effect if the California Privacy Rights Act (CPRA) – or Proposition 24 --  is not approved by the California voters in November.   The CPRA would extend the B2B and employee exemptions through 2023.   Regardless of what happens to Proposition 24, businesses covered by CCPA can take a breather with respect to these two types of information collection under CCPA.

Governor Newsom vetoed a bill to require parental consent for children under 13 to create social media accounts.   Assembly Bill 1138 would have applied to sites and applications like Snapchat, Instagram, TikTok, Facebook, Twitter, etc., and would have taken effect July 1, 2021.    The federal Children’s Online Privacy Protection Act (COPPA) requires website or online services operators to obtain verifiable parental (or guardian) consent prior to the collection of personal information from children under 13.   Governor Newsom said in his veto message that states have the authority to enforce COPPA, and AB 1138 would only create “unnecessary confusion” given its overlap with federal law.

If you have not yet started your CCPA compliance program, your Mintz Privacy Team is ready to answer questions, and our CCPA Compliance Toolkit can be accessed here.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.