Update Applicable to:
All businesses that provide online services or products in the state of California.
On August 30, 2022, the California senate passed Assembly Bill 2273 (AB 2273), which, if signed by Governor Newsom, will increase data privacy and protection standards.
What are the details?
Effective July 1, 2024, AB 2273 will apply to “businesses” which are for-profit organizations that do business in California and: (1) have revenue of more than $25 million or (2) derive 50% or more of their annual revenue from selling consumer’s personal information, or (3) buys/receives for commercial purposes the personal information of more than 50,000 consumers/households/devices. In summary, AB 2273 requires:
- Default privacy settings: Companies must configure default privacy settings to the highest possible level of privacy and provide private information and other policies that children can understand prominently.
- No use of minor’s personal information: Companies will be banned from using children’s personal information “for any reason other than a reason for which the personal information was collected unless the business can demonstrate a compelling reason that use of the personal information is in the best interests of children,” according to the legislation.
- Attorney General’s authority: AB 2273 permits the Attorney General to seek an injunction or civil penalty against companies that violate the bill. According to the bill, negligent violations could result in a penalty of up to $2,500 per affected child, and intentional violations could result in a penalty of up to $7,500 per affected child. Currently, the bill does not provide a private right of action.
In sum, the bill:
(1) Increases technology regulation;
(2) Aims to provide more online privacy protections for minors; and
(3) Will cause companies to increase privacy, legal, and engineering resources to meet the bill’s requirements.
The bill has been sent to Governor Newsom and is currently awaiting signage.
For more information, please see the links below:
What do employers need to do?
Employers should review the links above and adjust their data privacy policies to comply with the law come July 1, 2024, if Governor Newsom signs.
Need help understanding how changes to employment laws will affect your business?
Learn more about how Vensure's California PEO services can help you navigate complex employment laws and keep your business compliant.
This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.