On Thursday, June 22, 2018, a previously dead California Assembly bill, AB 375, was revised as a proposed alternative to the ballot initiative known as the California Consumer Privacy Act of 2018 (CCPA), which is expected to be on the November ballot. It was read a third time and amended on June 25 and re-referred to the Senate Judiciary Committee. If the bill is passed and signed into law by June 28, 2018 – the deadline for finalizing what will be on the ballot – ballot initiative supporters have reportedly agreed to pull the ballot initiative. Below is a summary of key similarities and differences between AB 375 and the CCPA. If AB 375 is passed and signed by the governor this week in time for the CCPA to be withdrawn and we confirm it is withdrawn, we will provide greater detail on what AB 375 will require. The full text of the ballot initiative is here, and the full text of AB 375 is here.
The legislative approach in AB 375 will result in regulation of more for-profit entities than the ballot initiative would, as an entity with annual gross revenue in excess of $25 million is considered a “business” under the legislative approach, whereas under the ballot initiative, an entity is considered a business if it has annual gross revenue in excess of $50 million. Further, the definition of business is broader in the legislative approach in that it also applies to businesses that annually “sell” (broadly defined) personal information of “100,000 or more consumers or devices,” as provided by the CCPA, to include a business that “buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes [broadly defined] … personal information of 50,000 or more consumers, devices, or households.” In addition to the different threshold number of data subjects, a key distinction is that AB 375 explicitly covers the recipients of personal information from a third party, while the CCPA addresses only a business “that collects consumer’s personal information.”