In an email to Techwire, Assemblymember Ed Chau, a member of the California Legislative Technology and Innovation Caucus, discussed some of his legislative work during the 2021 session, which got underway Monday. Among the takeaways:
- The Monterey Park Democrat recently introduced Assembly Bill 13, he said, “to bring accountability and transparency to algorithm-driven systems that rely on machine learning or artificial intelligence to make decisions affecting people’s lives.” The bill would enact the Automated Decision Systems Accountability Act of 2021 and require the Department of Financial Protection and Innovation (DFPI) by March 2023 to create an Automated Decision Systems Advisory Task Force with public- and private-sector members. AB 13 would mandate that businesses that provide a person with “a program or device that uses an automated decision system (ADS)” also ensure processes are in place to detect biases during its “development and usage”; and assess whether it has “a disproportionate adverse impact on a protected class” and “furthers a legitimate interest.” The bill would also require businesses to report to DFPI by March 2023 and annually thereafter “specified information about its ADS impact assessment.” Failure to comply could result in a civil penalty. On Monday, the bill was referred to the Assembly committees on Privacy and Consumer Protection and Banking and Finance.
“At the forefront, especially because of COVID-19, is the use of technology to contain the virus and respond to its aftermath,” Chau told Techwire in a statement. “As such, the Legislature will closely analyze both emerging legislation and private and government practices to ensure that civil liberties are protected in the fight to control the pandemic and rebuild afterwards, while also respecting this state’s tradition of innovation.” - Chau also introduced AB 35, dealing with social media platforms and false information. It would require someone who runs a social media platform to reveal whether that platform has “a policy or mechanism in place to address the spread of misinformation, as specified.” That disclosure should be “easily accessible” on the platform’s website and app — and violations would accrue civil penalties of $1,000 per day. On Monday the bill was referred to the Assembly committees on Judiciary and Arts, Entertainment, Sports, Tourism, and Internet Media.
- Chau, who is chair of the Assembly Privacy and Consumer Protection Committee, was a primary sponsor of 2018’s California Consumer Privacy Act — and said he anticipates seeing “legislation related to the recently enacted voter initiative, the California Privacy Rights Act [CPRA],” this session. Most of the CPRA, which voters approved in November via Prop. 24, took effect Jan. 1. It targeted consumer rights, which it said “should adjust to technological changes, help consumers exercise their rights, and assist businesses with compliance, with the continuing goal of strengthening consumer privacy.” It defined certain personal data as sensitive; gave consumers the right to ask businesses to delete or correct personal information; and required businesses to disclose that right. The act also created the California Privacy Protection Agency (CPPA) to enforce consumer privacy laws; and it provided at least $10 million annually in General Fund monies “to support increased state costs for CPPA operations.”
- The Assemblymember said that as privacy committee chair, he anticipates “continuing the committee’s oversight of the (California) Department of Technology.” In releasing his $227.2 billion proposed 2021-2022 Fiscal Year state budget on Friday, Gov. Gavin Newsom highlighted its commitment of $50 million for cybersecurity, including an information security audit program to examine “every single state department.”
