From the expansion of certain protections to the use of automation technology in law enforcement, this legislative session once again saw a number of bills centered around data privacy.

Submitted alongside a coalition of other organizations to the California Privacy Protection Agency for the first regulatory drafting comment period, our comments are generally positive—supporting the agency's crafting of data minimization and dark patterns rules. However, we do have some concerns regarding the regulations which would allow businesses to treat certain users of opt-out preference signals (e.g. Global Privacy Control which allows people to set their browser to communicate their privacy choice to the businesses).

The Health Insurance Portability and Accountability Act is a federal law that provides baseline privacy and security standards for medical information. The United States Department of Health and Human Services is the federal agency in charge of creating rules that implement and enforce it.

The Rosenthal Fair Debt Collection Practices Act (Rosenthal Act) is a California law that governs debt collection agency practices for personal debts—including how and when a debt collector may contact an individual about money allegedly owed on:

The Fair Debt Collection Practices Act is a federal law that governs debt collection agency practices for personal debts—including how and when a debt collector may contact an individual about money allegedly owed on a

• personal credit card account
• auto loan
• medical bill
• mortgage

Using data available in state data broker registries, this report presents information on 540 unique registered data brokers and their

• privacy policies
• practices
• areas of possible noncompliance

The Genetic Information Privacy Act is a California law that places data collection, use, security and disclosure requirements on direct-to-consumer genetic testing companies and provides consumers with access and deletion rights.

We—with the support of a group of privacy and consumer advocacy organizations—submitted comments to the California Privacy Protection Agency addressing its proposed rulemaking under the California Privacy Rights Act of 2020. Our comments focus on how the agency should craft rules around user-enabled global privacy controls—mechanisms that enable Californians to communicate their privacy choices to businesses through browser or device settings.

Last year the California legislature continued to grapple with issues that were exacerbated by the ongoing COVID-19 global pandemic. As they were in 2020—although not to the same extent—legislators were forced to pare back their bill packages again in 2021.

With respect to privacy issues, genetic and biometric information received special focus and three bills were signed into law:

• CA Assembly Bill 751
• CA Assembly Bill 825
• CA Senate Bill 41 (Genetic Information Privacy Act)

The Fair Chance Act (also known as California’s Ban the Box law) is a California law that restricts when and how employers can inquire about and consider a job applicant’s criminal history.