California Assemblywoman and author of the California Right to Know Act Bonnie Lowenthal recently announced her decision to delay Assembly Bill 1291 until an unspecified time next year. Assembly Bill 1291 would amend section 1798.83 of the California Civil Code, enacted into law in 2003. Section 1798.83, known as Shine the Light law, became active January 1, 2005 and addresses the marketing practice of businesses sharing customers’ personal information.

The new bill, co-authored by Assembly Members Ed Chau and Anthony Rendon, was introduced in February 2013. It is co-sponsored by the ACLU, and supported by an assorted coalition of organizations including the California Partnership to End Domestic Violence, California Public Interest Research Group (CalPIRG), California’s National Organization for Women, Electronic Frontier Foundation, Consumer Action, and more.

Part 2 of Assembly Bill 1291 describes how technology and business practice have dramatically changed since the enactment of section 1798.83, explaining that businesses are collecting and selling new types of personal information about their customers not previously contemplated or adequately covered by the current law.

This bill would require any business that retains a customer’s personal information or discloses customer information to a third a party to provide within thirty days of receiving a request from a customer a copy of the information retained (not just a description of the information as the original version of the bill required). It also requires the names and information of third parties with whom the information was shared be relayed to the customer. The bill would further require such requests be free of charge. The last California privacy law was enacted in 2005 in response to telemarketing abuse.

The ACLU of Northern California’s website hails this act as modernizing current privacy law and giving Californians tools to monitor how their personal information is collected and find out to whom the information is disclosed. This bill is the first of its kind in the nation and would require companies to show customers the type of personal data collected on them and who has access to it. Although new to the United States, 27 countries in the European Union already have laws requiring companies to disclose what data is compiled.

In her interview with the San Jose Mercury News, Assemblywoman Lowenthal stressed the increase in new technology and creation of apps that mark locations and track spending habits are outside the scope of the original privacy laws.

Interestingly, this legislation has not received much media attention. However, fifteen companies and trade groups, including TechAmerica (a U.S. based technology trade association known to represent Facebook, Google, and Microsoft) complain it would create a flood of information requests and enable individuals to bring costly lawsuits. The Director of TechAmerica commented that current law already allows customers to inquire about what personal information companies use.

This bill is not all bite, and offers businesses some protections as it states that a business is not obligated to provide the information if it cannot reasonably verify the individual making the request is the customer. However, under the bill, violation of this section would constitute an injury to the customer and they would be able to recover penalties pursuant to California Civil Code section 1798.84

This bill will likely make headlines again in 2014 as it comes up for a vote. It will be worthwhile to watch and see how the fate of this bill plays out!


A.B. 1291, 2013-2014 Reg. Sess. (Cal. 2013), available at

California Right to Know Act, ACLU of Northern California, (last visited July 14, 2013).

A.B. 1291 Supporters,

1291_supporters.pdf (last visited July 15, 2013).

Steven Harmon, Silicon Valley Companies Quietly Try to Kill Internet Privacy Bill, Mercury News (April 20, 2013 12:00 PM),

Privacy Lock, (June 2, 2013),