Under existing law, California Data Brokers must register with the California Privacy Protection Agency (“Agency”) and pay a registration fee in an amount determined by the Agency. Data Brokers are also required to provide specific information, including the name of the data broker and its primary physical, email, and internet website addresses. Data Brokers must also disclose whether they collect the personal information of minors, consumers’ precise geolocation, or consumers’ reproductive health care data.
In an attempt to further regulate certain sensitive data collected by data brokers, on February 13, 2025, SB 361 was introduced. This proposed bill would amend the current law to require a data broker to provide additional information to the agency, including whether the data broker collects consumers’ login or account information. The disclosure requirements also encompass various government identification numbers, citizenship data, union membership status, sexual orientation status, and biometric data. Further amendments have added a disclosure requirement for data brokers that collect consumers’ gender identity or gender expression data.
California, and other states, are focused on the collection and use of consumer sensitive person information, particularly in the hands of entities that buy and sell data for various purposes. Companies that either qualify as data brokers, or rely on data brokers for data, should pay particular attention to these proposals to ensure compliance with evolving requirements.
Focused On Privacy 
Leave a comment