Consumer Privacy Update: What Organizations Need to Know About Impending State Privacy Laws Going into Effect in 2024 and 2025

Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some counts.

Many of these state laws will go into effect starting Q4 of 2024 through 2025. We have previously written in more detail on New Jersey’s comprehensive data privacy law, which goes into effect January 15, 2025, and Tennessee’s comprehensive data privacy law, which goes into effect July 1, 2025. Some laws have already gone into effect, like Texas’s Data Privacy and Security Act, and Oregon’s Consumer Privacy Act, both of which became effective July of 2024. Now is a good time to take stock of the current landscape as the next batch of state privacy laws go into effect.

Over the next year, the following laws will become effective:

  1. Montana Consumer Data Privacy Act (effective Oct. 1, 2024)
  2. Delaware Personal Data Privacy Act (effective Jan. 1, 2025)
  3. Iowa Consumer Data Protection Act (effective Jan. 1, 2025)
  4. Nebraska Data Privacy Act (effective Jan. 1, 2025)
  5. New Hampshire Privacy Act (effective Jan. 1, 2025)
  6. New Jersey Data Privacy Act (effective Jan. 15, 2025)
  7. Tennessee Information Protection Act (effective July 1, 2025)
  8. Minnesota Consumer Data Privacy Act (effective July 31, 2025)
  9. Maryland Online Data Privacy Act (effective Oct. 1, 2025)

These nine state privacy laws contain many similarities, broadly conforming to the Virginia Consumer Data Protection Act we discussed here.  All nine laws listed above contain the following familiar requirements:

(1) disclosing data handling practices to consumers,

(2) including certain contractual terms in data processing agreements,

(3) performing risk assessments (with the exception of Iowa); and

(4) affording resident consumers with certain rights, such as the right to access or know the personal data processed by a business, the right to correct any inaccurate personal data, the right to request deletion of personal data, the right to opt out of targeted advertising or the sale of personal data, and the right to opt out of the processing sensitive information.

The laws contain more than a few noteworthy differences. Each of the laws differs in terms of the scope of their application. The applicability thresholds vary based on: (1) the number of state residents whose personal data the company (or “controller”) controls or processes, or (2) the proportion of revenue a controller derives from the sale of personal data. Maryland, Delaware, and New Hampshire each have a 35,000 consumer processing threshold. Nebraska, similar to the recently passed data privacy law in Texas, applies to controllers that that do not qualify as small business and process personal data or engage in personal data sales. It is also important to note that Iowa adopted a comparatively narrower definition of what constitutes as sale of personal data to only transactions involving monetary consideration. All states require that the company conduct business in the state.

With respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Iowa’s, Montana’s, Nebraska’s, New Hampshire’s, and Tennessee’s laws exempt HIPAA-regulated entities altogether; while Delaware’s, Maryland’s, Minnesota’s, and New Jersey’s laws exempt only protected health information (“PHI”) under HIPAA. As a result, HIPAA-regulated entities will have the added burden of assessing whether data is covered by HIPAA or an applicable state privacy law.

With respect to the Gramm-Leach-Bliley Act (“GLBA”), eight of these nine comprehensive privacy laws contain an entity-level exemption for GBLA-covered financial institutions. By contrast, Minnesota’s law exempts only data regulated by GLBA. Minnesota joins California and Oregon as the three state consumer privacy laws with information-level GLBA exemptions.

Not least of all, Maryland’s law stands apart from the other data privacy laws due to a number of unique obligations, including:

  • A prohibition on the collection, processing, and sharing of a consumer’s sensitive data except when doing so is “strictly necessary to provide or maintain a specific product or service requested by the consumer.”
  • A broad prohibition on the sale of sensitive data for monetary or other valuable consideration unless such sale is necessary to provide or maintain a specific product or service requested by a consumer.
  • Special provisions applicable to “Consumer Health Data” processed by entities not regulated by HIPAA. Note that “Consumer Health Data” laws also exist in Nevada, Washington, and Connecticut as we previously discussed here.
  • A prohibition on selling or processing minors’ data for targeted advertising if the controller knows or should have known that the consumer is under 18 years of age.

While states continue to enact comprehensive data privacy laws, there remains the possibility of a federal privacy law to bring in a national standard. The American Privacy Rights Act (“APRA”) recently went through several iterations in the House Committee on Energy and Commerce this year, and it reflects many of the elements of these state laws, including transparency requirements and consumer rights. A key sticking point, however, continues to be the broad private right of action included in the proposed APRA but absent from all state privacy laws. Only California’s law, which we discussed here, has a private right of action, although it is narrowly circumscribed to data breaches.  Considering the November 2024 election cycle, it is likely that federal efforts to create a comprehensive privacy law will stall until the election cycle is over and the composition of the White House and Congress is known.

Court Affirmed Holding That Plaintiffs Did Not Have Standing To Sue Regarding A Charitable Trust

In Dao v. Trinh, a group of five individuals who contributed money for membership in a religious community sued the person who they alleged misapplied their money for the benefit of a different religious community. No. 14-23-00131-CV, 2024 Tex. App. LEXIS 3208 (Tex. App.—Houston [14th Dist.] May 9, 2024, no pet. history). The plaintiffs brought fraud claims for alleged misrepresentations and breach of contract. The defendant filed a plea to the jurisdiction, alleging that the plaintiffs did not have standing to sue. The trial court entered an order dismissed the plaintiff’s claims with prejudice and expressly found that the plaintiffs lacked standing to bring their fraud and breach of contract claims.

The court of appeals affirmed. The court first discussing standing to sue over a charitable trust:

No party disputes that the Cao Dai organization in question, for which Trinh is the founder and director, is a “charitable trust”. This is particularly significant because the attorney general “is the representative of the public and is the proper party to maintain” a suit “vindicating the public’s rights in connection with that charity.” A private individual has standing to maintain a suit against a public charity only if the person seeks vindication of some peculiar or individual rights, distinct from those of the public at large. Moreover, a private individual must similarly establish standing in a case such as this, brought against the trustee of a public charity in connection with their office or service.

Id. The court concluded that whether framed as a fraud or breach of contract claim, the plaintiffs did not have standing to sue for the return of their donations:

Based on the holding in Eshelman, we conclude the Temple Donor Parties’ allegations and proof for their fraud claims pertaining to their donations to a charitable fails to establish standing to bring their claims (whether under a fraud theory or conditional gift theory); that is, the facts alleged and undisputed do not vindicate of some peculiar or individual rights, distinct from any other donor or from the public at large.

Id.

AI Regulation Continues to Grow as Illinois Amends its Human Rights Act

Following laws enacted in jurisdictions such as ColoradoNew York CityTennessee, and the state’s own Artificial Intelligence Video Interview Act, on August 9, 2024, Illinois’ Governor signed House Bill (HB) 3773, also known as the “Limit Predictive Analytics Use” bill. The bill amends the Illinois Human Rights Act (Act) by adding certain uses of artificial intelligence (AI), including generative AI, to the long list of actions by covered employers that could constitute civil rights violations.

The amendments made by HB3773 take effect January 1, 2026, and add two new definitions to the law.

“Artificial intelligence” – which according to the amendments means:

a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.

The definition of AI includes “generative AI,” which has its own definition:

an automated computing system that, when prompted with human prompts, descriptions, or queries, can produce outputs that simulate human-produced content, including, but not limited to, the following: (1) textual outputs, such as short answers, essays, poetry, or longer compositions or answers; (2) image outputs, such as fine art, photographs, conceptual art, diagrams, and other images; (3) multimedia outputs, such as audio or video in the form of compositions, songs, or short-form or long-form audio or video; and (4) other content that would be otherwise produced by human means.

The plethora of AI tools available for use in the workplace continues unabated as HR professionals and managers vie to adopt effective and efficient solutions for finding the best candidates, assessing their performance, and otherwise improving decision making concerning human capital. In addition to understanding whether an organization is covered by a regulation of AI, such as HB3773, it also is important to determine whether the technology being deployed also falls within the law’s scope. Assuming the tool or application is not being developed inhouse, this analysis will require, among other things, working closely with the third-party vendor providing the tool or application to understand its capabilities and risks.

According to the amendments, covered employers can violate the Act in two ways. First, an employer that uses AI with respect to – recruitment, hiring, promotion, renewal of employment, selection for training or apprenticeship, discharge, discipline, tenure, or the terms, privileges, or conditions of employment – and which has the effect of subjecting employees to discrimination on the basis of protected classes under the Act may constitute a violation. The same may be true for employers that use zip codes as a proxy for protected classes under the Act.

Second, a covered employer that fails to provide notice to an employee that the employer is using AI for the purposes described above may be found to have violated the Act.

Unlike the Colorado or New York City laws, the amendments to the Act do not require a impact assessment or bias audit. They also do not provide any specifics concerning the notice requirement. However, the amendments require the Illinois Department of Human Rights (IDHR) to adopt regulations necessary for implementation and enforcement. These regulations will include rules concerning the notice, such as the time period and means for providing same.

We are sure to see more regulation in this space. While it is expected that some common threads will exist among the various rules and regulations concerning AI and generative AI, organizations leveraging these technologies will need to be aware of the differences and assess what additional compliance steps may be needed.

It’s Official – BIPA’s “Per-Scan” Damages Are Out; Electronic Signatures Are In

If you heard a collective sigh of relief last week, it was probably businesses reacting as Illinois Governor Pritzker finally signed Senate Bill 2979, officially reforming BIPA for the first time since 2008. As a reminder, SB 2979 was passed back in May, but has been awaiting the Governor’s signature.

This development is significant for two reasons. First, the new law prohibits the recovery of “per-scan” damages. This means that if a business collects or discloses an individual’s biometric data without consent, then that business is only liable for one BIPA violation as to that individual. In 2023, the Illinois Supreme Court’s decision in Cothron v. White Castle Systems decided that violations were accrued on a “per-scan” basis, leading to an outpouring of claims. This law effectively overrules that decision. Second, the bill permits businesses to fulfill the “written release” requirement for consent via “electronic signature.” This will make it easier for businesses to collect – and individuals to provide – consent for the collection and retention of biometric information.

Putting it into Practice: These amendments became effective on August 2, 2024. Businesses that anticipated costly litigation from a “per-scan” BIPA demand may have cause for relief. However, the prohibition on “per-scan” damages may not apply retroactively to pending BIPA actions. Additionally, businesses can reconfigure their consent flows to enable electronic signatures.

Listen to this post here

by: David M. Poell Kathryn Smith of Sheppard, Mullin, Richter & Hampton LLP

For more news on the Illinois Biometric Information Privacy Act (BIPA), visit the NLR Consumer Protection section.

Michigan Employers Take Note: New Ruling Impacts Paid Leave and Minimum Wage

Today, July 31, 2024, the Michigan Supreme Court released a highly anticipated opinion in the case of Mothering Justice v. Nessel. This case assessed the constitutionality of the Michigan Legislature’s 2018 “adopt-and-amend” strategy under which the Legislature adopted, and then immediately changed, two ballot proposals that would otherwise have been included on the November 2018 ballot for decision by Michigan voters. The ballot proposals pertained to Michigan minimum wage and paid sick leave requirements, and were originally entitled the Earned Sick Time Act (ESTA) and Improved Workforce Opportunity and Wage Act (IWOWA). The Legislature’s “adopt-and-amend” action had narrowed the original ballot proposal language, and resulted instead in the enactment of the Michigan Paid Medical Leave Act (PMLA) and current minimum wage provisions in effect since early 2019.

After years of legal challenge, the Michigan Supreme Court reversed a 2023 decision of the Michigan Court of Appeals, and ruled that the “adopt-and-amend” approach utilized by the Michigan Legislature violated the Michigan Constitution. The Court determined both of the ballot initiatives as originally adopted by the Legislature should be reinstated in lieu of current, amended versions. In the interests of justice and equity, the Court ordered the reinstatement to occur, but only after a time period the same as that which employers would have been provided to prepare for the new laws absent their improper amendment.

Therefore, significant new legal requirements will become effective February 21, 2025. These include:

  1. The paid leave ballot proposal as initially adopted by the Legislature in 2018, in the form of the ESTA, is reinstated effective February 21, 2025, in place of the PMLA. All covered employers must amend existing paid leave policies or implement new leave policies as applicable that comply with the ESTA by February 21, 2025. Key elements of the ESTA include:
    • All Michigan employers, except for the U.S. government, are covered.
    • All employees of a covered employer, rather than only certain categories of employees as provided under the PMLA, are covered.
    • Covered employers must accrue sick time for covered employees, at a rate of at least one hour of earned sick time for every 30 hours worked.
    • Employers with 10 or more employees, as defined by the ESTA, must allow employees to use up to 72 hours of paid earned sick time per year.
    • Employers with fewer than 10 employees, as defined by the ESTA, must provide up to 40 hours of earned paid sick time, and are permitted to provide remaining earned sick leave up to the required 72 hours per year on an unpaid basis, rather than paid.
    • Employers may not prohibit the carryover or cap the accrual of unused earned sick time.
    • Employers may limit the use of earned sick time in any year to 72 hours.
  2. The minimum wage ballot proposal as originally adopted by the Legislature in 2018, in the form of the IWOWA, is also effective February 21, 2025, subject to a phase in of certain requirements that remains to be determined at this time. The IWOWA will replace the narrower amendments that previously were enacted and took effect in 2019. Key provisions effective February 21, 2025, include:
    • The state minimum wage rate will be $10.00 plus the state treasurer’s inflation adjustment, which has yet to be calculated and released.
    • Future increases will be calculated annually based on inflation as specified in the IWOWA.
    • The existing “tip credit” provisions employers of tipped employees currently utilize to calculate whether they have been paid minimum wage will be phased out over a period of years and eliminated entirely by February 21, 2029.
    • Employees will have expanded rights as to how they are compensated for overtime work, including “comp time” as an alternative to customary payment of overtime wages.

The above will be applicable absent further judicial, legislative, or voter-driven constitutional action that prescribes a different course. As to judicial action, opportunities for appeal or rehearing of a state Supreme Court decision are limited and discretionary. As to voter-driven constitutional action, such as a referendum, the timing of the Court’s decision may well not permit for such action to be included on the 2024 ballot, even if sufficient support for such action were shown.

In terms of any legislative action to amend, such action could only occur in a future legislative session, meaning January 2025 or later. As to the level of support required, because the ballot proposals were adopted by the Legislature rather than approved by a majority of Michigan voters in an election process, the normal requirements will apply. Had the ballot proposals been approved by a majority of Michigan voters in the election, a 75% supermajority of both houses of the Legislature would have been required for any amendment passage.

by: Luis E. AvilaMaureen Rouse-AyoubStephanie R. SetteringtonElizabeth Wells SkaggsHannah A. Cone, and Ashleigh E. Draft of Varnum LLP

For more news on Michigan Employment Laws, visit the NLR Labor & Employment law section.

Michigan Supreme Court Expands Employer Exposure to Public Policy Retaliation Claims

In Michigan, various state employment laws prohibit employers from retaliating against employees. But can an employee pursue a public policy retaliation claim against the employer in addition to a statutory retaliation claim?

On July 22, 2024, the Michigan Supreme Court ruled that anti-retaliation provisions in two important workplace safety laws—the federal Occupational Safety and Health Act (“OSHA”) and Michigan’s Occupational Safety and Health Act (“MIOSHA”)—do not preclude a plaintiff from also asserting a violation of public policy in court. Stegall v. Resource Technology Corp (Case No. 165450, decided July 22, 2024).

Cleveland Stegall, an IT specialist working at FCA through the staffing agency Resource Technology, complained internally about asbestos insulation issues at the assembly plant and threatened to file complaints with the government. He was subsequently terminated. Stegall sued both entities for wrongful discharge under OSHA and MIOSHA’s anti-retaliation provisions, as well as termination in violation of public policy.

At-will employees generally may be terminated for any reason (or no reason at all). But one exception to this rule is that certain terminations violate public policy and therefore create an actionable legal claim. This includes firings for “failure or refusal to violate a law” or exercising a right conferred by the Michigan Legislature.

Both the trial court and the Court of Appeals dismissed Stegall’s public policy claim because they concluded that the OSHA and MIOSHA laws already forbid retaliation. The Michigan Supreme Court reversed. It reasoned that the remedies under OSHA and MIOSHA are insufficient, pointing to the truncated 30-day period to file a complaint with the relevant government agency, the discretion granted to the respective investigating agency, and the employee’s lack of control over what occurs after a complaint has been filed. See 29 U.S.C. §660(c)(2) and MCL 408.1065(2).

What does this case mean for employers? The Michigan Supreme Court’s decision provides another avenue for employees to pursue retaliation claims, particularly where the employee raises workplace safety concerns. It is unclear, however, whether courts will extend this ruling and allow employees to pursue public policy wrongful discharge claims if the employee is also seeking relief under another anti-retaliation statute.

NJDEP Proposes Bald Eagle Removal and Other Changes to New Jersey’s Threatened and Endangered Species Lists

On June 3, 2024, the New Jersey Department of Environmental Protection announced a rule proposal which would update the endangered species and the nongame species lists promulgated by the Fish & Wildlife Endangered and Nongame Species Program (“ENSP”). These proposed updates would reflect, among other changes, the recategorization of the conservation status of certain species from the ENSP lists along with other structural and organizational amendments.

Primarily, the proposal celebrates the prospective reduced conservation status of three species, including the Peregrine Falcon, Bobcat, and Cope’s Gray Treefrog which each will have their conservation status reduced from “Endangered” to “Threatened.”

More significantly, the Bald Eagle, Red-headed Woodpecker, and Osprey are proposed to have their status reduced to “Special Concern” or “Secure/Stable.” The Department has further proposed partial conservation status reductions for the non-breeding populations of certain bird species including the Yellow-crowned Night-Heron, and Red-headed Woodpecker which have both been reduced to “Special Concern” for non-breeding activities. In effect, these species are being delisted, which is significant for Land Resource permitting under the Coastal Rules and Freshwater Wetlands Protection Act. This also should impact permitting under Pinelands Commission regulations.

Inapposite to those species having their conservation status reduced, the Department has proposed increased conservation designations for thirty (30) species, including select species particularly impactful to development and redevelopment initiatives in New Jersey. Those include three species of bat, the Northern Myotis, Little Brown Bat, and Tricolored Bat, which will each move from an undetermined/unknown status to “Endangered.”

Lastly, the Department proposes moving currently threatened species listed on the nongame species list at N.J.A.C. 7:25-4.17 to the endangered species list at N.J.A.C. 7:25-4.13. This restructuring will leave the species’ conservation status unchanged and includes a number of special species for New Jersey development and redevelopment, such as the Bobolink and Grasshopper Sparrow.

In addition to these conservation status changes, the Department has proposed a new procedure which would allow the addition of species to the list of endangered species by notice of administrative change when that species has been added to the Federal list of endangered and threatened species of wildlife pursuant to the Endangered Species Act of 1973 at 16 U.S.C. § 1531 et seq. and is indigenous to New Jersey. The Department notes this procedure seeks to further the goal of creating a listing that is more consistent with the Federal standard but in doing so the State will obviate the typical Administrative Procedure Act public comment process.

Matthew L. Capone contributed to this article

Illinois Passes Comprehensive Law Governing Carbon Capture, Utilization and Sequestration Projects in Illinois

On May 26, the Illinois legislature passed comprehensive carbon capture, utilization, and sequestration (CCUS) legislation. CCUS involves the capture of carbon dioxide directly from ambient air or uses processes to separate carbon dioxide from industrial or energy-related sources, either for use or for underground injection for long-term storage.
The Safety and Aid for the Environment in Carbon Capture and Sequestration Act (SAFE CCS Act), establishes, among other requirements, protections for pore space owners, additional requirements for CO2 pipeline development, and a permitting program for sequestration projects. CCUS projects not grandfathered from the SAFE CCS ACT will now need to adhere to Illinois state sequestration requirements in addition to existing federal regulations.

Pore Space

First, the SAFE CCS Act sets forth requirements and procedures to obtain “pore space” for sequestration. “Pore space” is defined in the Act as the “portion of the geologic media … that can be used to store carbon dioxide.” Illinois has an abundance of geologic media appropriate for sequestration, according to the Illinois State Geologic Survey, and the areas are generally far underground (from 2000 to 7000 ft below ground surface). The SAFE CCS Act specifies that title to pore space remains in the surface owner, but pore space can be leased or subject to an easement. The owner or operator of a sequestration facility must obtain pore space rights from at least 75% of the landowners that may be affected and can petition the US Department of Natural Resources for “unitization” if “holdouts” occur. Certain documents must be provided to the Department and no “pore space” can be used until a federal Class VI well permit has been issued by the US Environmental Protection Agency (EPA).

CO2 Pipelines

Second, the SAFE CCS Act amends Illinois’ existing Carbon Dioxide Transportation and Sequestration Act (CO2 Act), including the requirements for an owner or operator of a CO2 pipeline to receive a “certificate of authority” from the Illinois Commerce Commission (ICC) to construct and operate a CO2 pipeline. The Act further requires that the ICC verify compliance with applicable Pipeline and Hazardous Materials Safety Administration (PHMSA) safety rules. The SAFE CCS ACT purports to prohibit the ICC from issuing any certificates of authority for new CO2 pipelines until the earlier of July 2026, or PHMSA’s completion of a current rulemaking process to update its CO2 pipeline safety standards. The Safe CCS Act does clarify the intention that (1) an operator receiving a certificate of authority under the CO2 Act does not have to also obtain a certificate from the ICC as a common carrier by pipeline under the Illinois Common Carrier by Pipeline Law (220 ILCS 5/15-101 et seq.); and (2) grants of certificates of authority under the CO2 Act are not limited only to pipelines transporting carbon dioxide captured from sources using coal.

Emergency Response

Third, the SAFE CCS Act requires detailed emergency response planning for CCS projects. The ACT assigns emergency response authority to the Illinois Emergency Management Agency, providing a number of responsibilities and resources to the Agency to enhance training, oversight, and enforcement capability pertaining to emergency response for CCS facilities.

Sequestration Permit Program

Fourth, the SAFE CCS Act requires sequestration facility operators to obtain a permit from the Illinois EPA prior to constructing any portion of the sequestration project. This permit is in addition to, and goes beyond the requirements of, the existing requirement to obtain a federal Class VI injection well permit from US EPA. The permitting regime under the SAFE CCS Act requires various evaluations and reports, including an evaluation of the impact on water resources used by the sequestration facility. The Illinois environmental permit will cover long-term reporting, monitoring, and financial assurance mechanisms.

Liability

Finally, the SAFE CCS Act includes provisions on the assignment of liability associated with the sequestration, storage, and management of CO2. Specifically, the SAFE CCS Act specifies that the operator of the sequestration facility, not the state, is responsible for any personal or property damage caused by the sequestration. It clarifies that the sequestered gas remains the property of the operator of the sequestration, not the owner of the pore space.

The Act also requires a variety of fees and the creation of various funds to support the administration, emergency preparedness, and environmental justice initiatives across the state. It also appears to prohibit the use of captured carbon dioxide for enhanced oil recovery processes.

Governor J.B. Pritzker has indicated he will sign the legislation when it reaches his desk. If enacted, it is expected that the Illinois EPA, the Illinois Department of Natural Resources, and the ICC will promulgate rules to assist with implementing the Act.

On July 1, 2024, Texas May Have the Strongest Consumer Data Privacy Law in the United States

It’s Bigger. But is it Better?

They say everything is bigger in Texas which includes big privacy protection. After the Texas Senate approved HB 4 — the Texas Data Privacy and Security Act (“TDPSA”), on June 18, 2023, Texas became the eleventh state to enact comprehensive privacy legislation.[1]

Like many state consumer data privacy laws enacted this year, TDPSA is largely modeled after the Virginia Consumer Data Protection Act.[2] However, the law contains several unique differences and drew significant pieces from recently enacted consumer data privacy laws in Colorado and Connecticut, which generally include “stronger” provisions than the more “business-friendly” laws passed in states like Utah and Iowa.

Some of the more notable provisions of the bill are described below:

More Scope Than You Can Shake a Stick At!

  • The TDPSA applies much more broadly than any other pending or effective state consumer data privacy act, pulling in individuals as well as businesses regardless of their revenues or the number of individuals whose personal data is processed or sold.
  • The TDPSA applies to any individual or business that meets all of the following criteria:
    • conduct business in Texas (or produce goods or services consumed in Texas) and,
    •  process or sell personal data:
      • The “processing or sale of personal data” further expands the applicability of the TDPSA to include individuals and businesses that engage in any operations involving personal data, such as the “collection, use, storage, disclosure, analysis, deletion, or modification of personal data.”
      • In short, collecting, storing or otherwise handling the personal data of any resident of Texas, or transferring that data for any consideration, will likely meet this standard.
  • Uniquely, the carveout for “small businesses” excludes from coverage those entities that meet the definition of “a small business as defined by the United States Small Business Administration.”[3]
  • The law requires all businesses, including small businesses, to obtain opt-in consent before processing sensitive personal data.
  • Similar to other state comprehensive privacy laws, TDPSA excludes state agencies or political subdivisions of Texas, financial institutions subject to Title V of the Gramm-Leach-Bliley Act, covered entities and business associates governed by HIPAA, nonprofit organizations, and institutions of higher education. But, TDPSA uniquely excludes electric utilities, power generation companies, and retail electric providers, as defined under Section 31.002 of the Texas Utilities Code.
  • Certain categories of information are also excluded, including health information protected by HIPAA or used in connection with human clinical trials, and information covered by the Fair Credit Reporting Act, the Driver’s Privacy Protection Act, the Family Educational Rights and Privacy Act of 1974, the Farm Credit Act of 1971, emergency contact information used for emergency contact purposes, and data necessary to administer benefits.

Don’t Mess with Texas Consumers

Texas’s longstanding libertarian roots are evidenced in the TDPSA’s strong menu of individual consumer privacy rights, including the right to:

  • Confirm whether a controller is processing the consumer’s personal data and accessing that data;
  • Correct inaccuracies in the consumer’s personal data, considering the nature of the data and the purposes of the processing;
  • Delete personal data provided by or obtained about the consumer;
  • Obtain a copy of the consumer’s personal data that the consumer previously provided to a controller in a portable and readily usable format, if the data is available digitally and it is technically feasible; and
  • Opt-out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of a decision that produces legal or similarly significant legal effects concerning the consumer.

Data controllers are required to respond to consumer requests within 45 days, which may be extended by 45 days when reasonably necessary. The bill would also give consumers a right to appeal a controller’s refusal to respond to a request.

Controller Hospitality

The Texas bill imposes a number of obligations on data controllers, most of which are similar to other state consumer data privacy laws:

  • Data Minimization – Controllers should limit data collection to what is “adequate, relevant, and reasonably necessary” to achieve the purposes of collection that have been disclosed to a consumer. Consent is required before processing information in ways that are not reasonably necessary or not compatible with the purposes disclosed to a consumer.
  • Nondiscrimination – Controllers may not discriminate against a consumer for exercising individual rights under the TDPSA, including by denying goods or services, charging different rates, or providing different levels of quality.
  • Sensitive Data – Consent is required before processing sensitive data, which includes personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, citizenship or immigration status, genetic or biometric data processed for purposes of uniquely identifying an individual; personal data collected from a child known to be under the age of 13, and precise geolocation data.
    • The Senate version of the bill excludes data revealing “sexual orientation” from the categories of sensitive information, which differs from all other state consumer data privacy laws.
  • Privacy Notice – Controllers must post a privacy notice (e.g. website policy) that includes (1) the categories of personal data processed by the controller (including any sensitive data), (2) the purposes for the processing, (3) how consumers may exercise their individual rights under the Act, including the right of appeal, (4) any categories of personal data that the controller shares with third parties and the categories of those third parties, and (5) a description of the methods available to consumers to exercise their rights (e.g., website form or email address).
  • Targeted Advertising – A controller that sells personal data to third parties for purposes of targeted advertising must clearly and conspicuously disclose to consumers their right to opt-out.

Assessing the Privacy of Texans

Unlike some of the “business-friendly” privacy laws in Utah and Iowa, the Texas bill requires controllers to conduct data protection assessments (“Data Privacy Protection Assessments” or “DPPAs) for certain types of processing that pose heightened risks to consumers. The assessments must identify and weigh the benefits of the processing to the controller, the consumer, other stakeholders, and the public against the potential risks to the consumer as mitigated by any safeguards that could reduce those risks. In Texas, the categories that require assessments are identical to those required by Connecticut’s consumer data privacy law and include:

  • Processing personal data for targeted advertising;
  • The sale of personal data;
  • Processing personal data for profiling consumers, if such profiling presents a reasonably foreseeable risk to consumers of unfair or deceptive treatment, disparate impact, financial, physical or reputational injury, physical or other intrusion upon seclusion of private affairs, or “other substantial injury;”
  • Processing of sensitive data; and
  • Any processing activities involving personal data that present a “heightened risk of harm to consumers.”

Opting Out and About

Businesses are required to recognize a universal opt-out mechanism for consumers (or, Global Privacy Control signal), similar to provisions required in Colorado, Connecticut, California, and Montana, but it would also allow businesses more leeway to ignore those signals if it cannot verify the consumers’ identity or lacks the technical ability to receive it.

Show Me Some Swagger!

The Attorney General has the exclusive right to enforce the law, punishable by civil penalties of up to $7,500 per violation. Businesses have a 30-day right to cure violations upon written notice from the Attorney General. Unlike several other laws, the right to cure has no sunset provision and would remain a permanent part of the law. The law does not include a private right of action.

Next Steps for TDPSA Compliance

For businesses that have already developed a state privacy compliance program, especially those modeled around Colorado and Connecticut, making room for TDPSA will be a streamlined exercise. However, businesses that are starting from ground zero, especially “small businesses” defined in the law, need to get moving.

If TDPSA is your first ride in a state consumer privacy compliance rodeo, some first steps we recommend are:

  1. Update your website privacy policy for facial compliance with the law and make sure that notice is being given at or before the time of collection.
  2. Put procedures in place to respond to consumer privacy requests and ask for consent before processing sensitive information
  3. Gather necessary information to complete data protection assessments.
  4. Identify vendor contracts that should be updated with mandatory data protection terms.

Footnotes

[1] As of date of publication, there are now 17 states that have passed state consumer data privacy laws (California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Massachusetts, Montana, New Jersey, New Hampshire, Tennessee, Texas, Utah, Virginia) and two (Vermont and Minnesota) that are pending.

[2] See, Code of Virginia Code – Chapter 53. Consumer Data Protection Act

[3] This is notably broader than other state privacy laws, which establish threshold requirements based on revenues or the amount of personal data that a business processes. It will also make it more difficult to know what businesses are covered because SBA definitions vary significantly from one industry vertical to another. As a quick rule of thumb, under the current SBA size standards, a U.S. business with annual average receipts of less than $2.25 million and fewer than 100 employees will likely be small, and therefore exempt from the TDPSA’s primary requirements.

For more news on State Privacy Laws, visit the NLR Consumer Protection and Communications, Media & Internet sections.

Recently Effective & Pending State Housing Laws: 2024 Land Use, Environmental & Natural Resources Update

Various state housing bills are currently making their way through the State Legislature that are expected to benefit mixed-income multifamily housing developers. The following summaries reflect the status of the legislation as of May 15, 2024. The legislative process is ongoing and future amendments are expected.

The recently effective state housing laws are also summarized below.

PART I: RECENTLY EFFECTIVE STATE HOUSING LAWS

Governor Newsom approved multiple state housing bills passed by the State Assembly and Senate during the last legislative session. The following is an abbreviated summary of a few of the key bills that are expected to benefit mixed-income multifamily housing developers, with a more detailed summary available in our prior legal alert.

SENATE BILL 423 — EXPANSION AND EXTENSION OF SENATE BILL 35

SB 423 (Wiener) extends the sunset provision for and makes other substantive changes to SB 35. As explained in our prior legal alert, SB 35 provides for a streamlined ministerial (i.e., no CEQA) approval process for qualifying housing development projects in local jurisdictions that have not made sufficient progress towards their state-mandated Regional Housing Needs Allocation (RHNA), as determined by the California Department of Housing and Community Development (HCD).

SB 423 made the following key amendments to SB 35:

  • Extended SB 35 to January 1, 2036
  • Expanded SB 35 to apply when a local jurisdiction fails to adopt a housing element in substantial compliance with state housing element law (regardless of RHNA progress), as specified and as determined by HCD
  • Revised the coastal zone development prohibition to allow for projects in specified urban coastal locations (e.g., property not vulnerable to five feet of sea level rise or within close proximity to a wetland) where the property is zoned for multifamily housing and is subject to a certified local coastal program or a certified land use plan
  • Removed skilled and trained workforce requirements for projects below 85 feet in height and imposes modified skilled and trained workforce requirements, as specified, for projects at least 85 feet in height. In exchange, projects with 50 or more dwelling units and using construction craft employees to meet apprenticeship program requirements and provide health care expenditures for each employee, as specified

Please see our prior legal alert for information about other SB 35 amendments made by SB 423, including San Francisco-specific amendments.

ASSEMBLY BILL 1287 — ADDITIONAL DENSITY BONUS UNDER STATE DENSITY BONUS LAW

AB 1287 (Alvarez) amended the State Density Bonus Law (Government Code § 65915) by incentivizing the construction of housing units for both the “missing middle” and very-low-income households by providing for an additional density bonus, and incentive/ concession for projects providing moderate-income units or very-low-income units.

The project must provide the requisite percentage of on-site affordable units to obtain the maximum density bonus (50%) under prior law: 15% very-low-income units, or 24% low-income units, or 44% moderate-income (ownership only) units (the Base Bonus). To qualify for an additional density bonus (up to 100%) and an additional incentive/concession under AB 1287, the project must provide additional on-site affordable units, as specified (the Added Bonus). The Added Bonus may be obtained by adding moderate-income units to either a rental or ownership project, but that is capped at a total maximum of 50% moderate-income units.

ASSEMBLY BILL 1633 — EXPANSION OF HOUSING ACCOUNTABILITY ACT PROTECTIONS: CEQA

AB 1633 (Ting) closed a loophole in the Housing Accountability Act (HAA) (Government Code section 65589.5 et seq.) by establishing when a local agency’s failure to exercise its discretion under CEQA, or abuse of its discretion under CEQA, constitutes a violation of the HAA.

To qualify under AB 1633, the project must be a “housing development project” under the HAA and meet other specified requirements, as summarized in our prior legal alert. Under AB 1633, the following circumstances constitute “disapproval” of the project, in which case the local agency could be subject to enforcement under the HAA:

  • CEQA Exemptions. If (i) the project qualifies for a CEQA exemption based on substantial evidence in the record (and is not subject to an exception to that exemption) and (ii) the local agency does not make a lawful determination, as defined, on the exemption within 90 days (with a possible extension, as specified) of timely written notice from the applicant, as specified.
  • Other CEQA Determinations. If (i) the project qualifies for a negative declaration, addendum, EIR, or comparable environmental review document under CEQA; (ii) the local agency commits an abuse of discretion, as defined, by failing to approve the applicable CEQA document in bad faith or without substantial evidence in the record to support the legal need for further environmental study; (iii) the local agency requires further environmental study; and (iv) the local agency does not make a lawful determination, as defined, on the applicable CEQA document within 90 days of timely written notice from the applicant, as specified.

AB 1633 includes a limited exception to enforcement where a court finds that the local agency acted in good faith and had reasonable cause to disapprove the project due to the existence of a controlling question of law about the application of CEQA or the CEQA Guidelines as to which there was a substantial ground for difference of opinion at the time of the disapproval.

ASSEMBLY BILL 1485 — STATE ENFORCEMENT OF HOUSING LAWS

AB 1485 (Haney) granted the California Attorney General the “unconditional right to intervene” in lawsuits enforcing state housing laws, whether intervening in an independent capacity or pursuant to a notice of referral from HCD. Under prior law, the Attorney General and HCD were required to petition the court to be granted intervenor status and join a lawsuit, which can be a “lengthy and onerous process.”

PART II: PENDING STATE HOUSING LAWS

Various state housing bills are currently making their way through the State Legislature that are expected to benefit mixed-income multifamily housing developers. AB 2243 (Wicks) would amend AB 2011 (the Affordable Housing and High Road Jobs Act of 2022). AB 1893 (Wicks) and AB 1886 (Wicks and Alvarez) would amend Builder’s Remedy provisions under the HAA. AB 2560 (Alvarez) and SB 951 (Wiener) would help facilitate housing development in the coastal zone. AB 3068 (Haney) would provide for the streamlined ministerial (i.e., no CEQA) approval of qualifying adaptive reuse projects involving the conversion of an existing building to residential or mixed-uses. SB 1227 (Wiener) would help facilitate middle-income housing and other projects in the San Francisco Downtown Revitalization Zone.

The following summaries reflect the status of the legislation as of May 15, 2024. The legislative process is ongoing and future amendments are expected.

ASSEMBLY BILL 2243 — AB 2011 AMENDMENTS

AB 2243 (Wicks) would amend AB 2011 (operative as of July 1, 2023). As explained in our prior legal alert, AB 2011 provides for “by right” streamlined ministerial (i.e., no CEQA, no discretion) approval of qualifying mixed-income and affordable housing development projects along commercial corridors in zoning districts where office, retail, and/or parking uses are principally permitted.

As currently proposed, AB 2243 would:

Project Review and Approval
  • Require the local government to approve the AB 2011 project within a specified timeframe. Once the project is deemed to be consistent with applicable objective planning standards, the local government would be required to approve the project within 180 days (for projects with more than 150 housing units) or 90 days (for projects with 150 or fewer housing units).
  • Require the local government to determine project consistency or inconsistency with applicable objective planning standards within 30 days when a project is resubmitted to address written feedback. The otherwise applicable timeframe is within 60 or 90 days, with the longer timeframe applying to projects with more than 150 housing units.
  • Provide that a density bonus under the State Density Bonus Law, including related incentives, concessions and/or waivers, “shall not cause the project to be subject to a local discretionary government review process” even if the requested incentives, concessions and/or waivers are not specified in a local ordinance. This is important because some local governments purport to require discretionary approval for specified “off menu” incentives, concessions and waivers despite the fact that AB 2011 provides for a ministerial (i.e., no CEQA) project approval process and specifically contemplates utilization of the State Density Bonus Law in conjunction with AB 2011.
  • Provide that the Phase I Environmental Assessment (ESA) requirement would be imposed as a condition of project approval versus prior to project approval. If any remedial action is required due to the presence of hazardous substances on the project site, that would need to occur prior to issuance of a certificate of occupancy (as specified).
Residential Density
  • Provide that the AB 2011 (base) residential density, which varies depending on the location and size of the project site, is now the “allowable” density (prior to any density bonus) instead of a minimum (“meet or exceed”) density requirement.
  • Impose a new minimum residential density requirement, which would be 75% of the greater of the applicable “allowable” residential density.
  • Specify that the imposition of applicable objective planning standards shall not preclude the “required” (minimum) AB 2011 residential density (prior to any density bonus) or require a reduction in unit sizes. It appears that this new provision is instead intended to apply to the “allowable” AB 2011 residential density pursuant to the cross-referenced subsections.
Commercial Corridor Frontage Requirements
  • Revise the definition for “commercial corridor” based on the applicable height limit. Where local zoning sets a height limit for the project site of less than 65 feet, the right-of-way would need to be at least 70 feet, which is the current AB 2011 requirement. For all other project sites, the right-of-way would now only need to be at least 50 feet.
  • Clarifies that the width of the right-of-way includes sidewalks for purposes of determining whether it is a “commercial corridor.”
  • Expand eligible sites to include conversions of “existing office buildings” that meet all other AB 2011 requirements, even if they are not on a commercial corridor.
Project Site Size Requirements
  • Waive the current 20-acre project site size limitation for “regional malls” that are up to 100 Regional malls is defined to include malls where (i) the permitted uses on the site include at least 250,000 square feet of retail, (ii) at least two-thirds of the permitted uses on the site are retail, and (iii) at least two of the permitted retail uses on the site are at least 10,000 square feet. Additional criteria for the redevelopment of regional mall sites is expected to be added to the bill.
Setback Requirements
  • Provide that density bonus incentives, concessions, and waivers permitted under the State Density Bonus Law may be utilized to deviate from specified AB 2011 setback requirements related to existing adjacent residential uses. The HCD previously opined that under existing AB 2011, only the AB 2011 height and density maximums can be modified via the density bonus approval process.
Freeway, Industrial Use, & Oil/Natural Gas Facility Proximity
  • Eliminate the freeway proximity and active oil/natural gas facility proximity prohibitions and replace those with specified air filtration media requirements.
  • Revise the AB 2011 limitation on project sites dedicated to industrial uses. Currently, project sites are disqualified where more than one-third of the square footage is dedicated to industrial use or the project site adjoins a site exceeding that threshold. “Dedicated to industrial use” would no longer include sites (i) where the most recently permitted use was industrial, but that use has not existed on the site for over three years; or (ii) where the site is designated industrial by the general plan, but residential uses are a principally permitted use on the site or the site adjoins an existing residential use.
  • Revise the definition of “freeway” to specify that freeway on-ramps and off-ramps are not included.
Coastal Zone Projects
  • Newly prohibit AB 2011 projects in the coastal zone that do not meet SB 35 coastal zone siting requirements (as recently amended by SB 423) under Government Code section 4(a)(6), exclusive of the requirement for the project site to be zoned for multifamily housing (since AB 2011 allows for multifamily housing on commercially zoned properties), including (but not limited to) where the applicable area of the coastal zone is not subject to a certified local coastal program or a certified land use plan.
  • Provide that the public agency with coastal development permitting authority, as applicable, shall approve the permit if it determines that the project is consistent with all objective standards of the local government’s certified local coastal program or certified land use plan, as applicable.
  • Provide that any density bonus, concession, incentive, waiver, and/or (reduced) parking ratios granted pursuant to the State Density Bonus Law “shall not constitute a basis to find the project inconsistent with the local coastal program.”
Residential Conversion Projects
  • Eliminate the residential density limit for the conversion of existing buildings to residential use, except where the project would include net new square footage exceeding 20% of the “overall square footage of the project.”
  • Prohibit the local government from requiring common open space beyond “what is required for the existing project site” versus required pursuant to the objective standards that would otherwise apply pursuant to the closest zoning district that allows for the AB 2011 residential (base) density, where applicable.
  • Exempt the conversion of “existing office buildings” from the commercial corridor frontage requirement.
Clarifications
  • Clarify that the AB 2011 on-site affordable housing requirement only applies to new housing units created by the project.
  • Clarify that the number of on-site affordable housing units required under AB 2011 is based on number of housing units in the project prior to any density bonus (i.e., the “base” project), which is consistent with the State Density Bonus Law.
  • Clarify the process for calculating the on-site affordable housing requirement under AB 2011 where the local jurisdiction requires a higher percentage of affordable units and/or a deeper level of affordability.
  • Clarify that the “allowable” density under AB 2011 is calculated prior to any density bonus under the State Density Bonus Law.
  • Clarify that “urban uses” includes a public park that is surrounded by other urban uses.
Implications

AB 2243 would make important clarifications in advance of the to-be-provided HCD guidance document on the implementation of AB 2011. The bill would make important amendments to the prior freeway and oil/natural gas facility proximity prohibitions by instead requiring installation of air filtration media, consistent with Senate Bill 4 (Affordable Housing on Faith and Higher Education Lands Act of 2023). The bill would also help facilitate AB 2011 projects in specified coastal zone areas. Under existing law, a qualifying AB 2011 project would be subject to streamlined ministerial approval at the local level, but not by the Coastal Commission, which could separately trigger a discretionary (i.e., CEQA) review and approval process. AB 2243 partially addresses that, but only in qualifying coastal zone areas (pursuant to SB 423, as modified) that are subject to a certified local coastal program or certified land use plan, which excludes various coastal zone areas.

ASSEMBLY BILL 2560 & SENATE BILL 951 — COASTAL ZONE PROJECTS

Assembly Bill 2560

AB 2560 (Alvarez) would amend the State Density Bonus Law to partially address coastal zone projects. Currently, the State Density Bonus Law explicitly provides that it “does not supersede or in any way alter or lessen the effect or application of the California Coastal Act of 1976” (Public Resources Code § 30000 et seq.). As currently proposed, AB 2560 would revise that provision to instead provide that any density bonus, concessions, incentives, waivers, or reductions of development standards, and (reduced) parking ratios to which an applicant is entitled under the State Density Bonus Law “shall be permitted notwithstanding the California Coastal Act of 1976” but only if the development is not located on a site that is any of the following:

  • An area of the coastal zone that is not subject to a certified local coastal program
  • An area of the coastal zone subject to paragraph (1), (2), or (3) of subdivision (a) of Section 30603 of the Public Resources Code (i.e., within a specified distance of the sea, estuary, stream, coastal bluff, tidelands, submerged lands, public trust lands, or sensitive coastal resources area)
  • An area of the coastal zone that is vulnerable to five feet of sea level rise, as determined by the National Oceanic and Atmospheric Administration, the Ocean Protection Council, the United States Geological Survey, the University of California, or a local government’s coastal hazards vulnerability assessment
  • A parcel within the coastal zone that is not zoned for multifamily housing
  • A parcel in the coastal zone and located on either of the following: (i) on, or within a 100-foot radius of, a wetland, as defined in Section 30121 of the Public Resources Code or (ii) on prime agricultural land, as defined in Sections 30113 and 30241 of the Public Resources Code
Implications

AB 2560 should help facilitate density bonus projects in coastal zone areas, but the coastal zone area would need to be subject to a certified local coastal program (versus either that or a certified land use plan pursuant to SB 423). Again, that excludes various coastal zone areas.

Senate Bill 951

SB 951 (Wiener) would amend the State Housing Element Law (Government Code § 65580 et seq.). Existing law requires rezoning by a local government, including adoption of minimum density and development standards (as specified), when the local government’s Housing Element site inventory does not identify adequate sites to accommodate the applicable state mandated RHNA. As currently proposed, SB 951 would require local governments in the coastal zone to make “any necessary local coastal program updates” to meet the applicable RHNA.

SB 951 would also amend the California Coastal Act to target the City and County of San Francisco. Existing law provides that approval of a coastal development permit by a “coastal county” with a certified local coastal program may be appealed to the California Coastal Commission under specified circumstances, including where the approved use is not “the principal permitted use” under the local zoning ordinance or zoning map. As currently proposed, SB 351 would provide that for purposes of that provision, “coastal county” does not include a local government that is both a city and county.

Implications

SB 951 would effectively require consistency between local coastal programs and any upzoning or rezoning required under State Housing Element Law. The appealability of coastal zone permits approved by the City and County of San Francisco would also be limited by the bill, which could help facilitate new housing development projects.

ASSEMBLY BILL 1893 & ASSEMBLY BILL 1886 — BUILDER’S REMEDY AMENDMENTS

As explained in our prior legal alert, the Builder’s Remedy applies when a local jurisdiction has not adopted an updated Housing Element in compliance with State Housing Element Law (Gov. Code § 65580, et seq.), in which case the local jurisdiction cannot deny a qualifying housing development project even if it is inconsistent with the local general plan and zoning ordinance (subject to limited exceptions).

To qualify for the Builder’s Remedy, the project must currently (i) fall under the definition of a “housing development project” under the HAA (i.e., a project consisting of residential units only, mixed-use developments consisting of residential and non-residential uses with at least two-thirds of the square footage designated for residential use, or transitional or supportive housing) and (ii) dedicate at least 20% of the dwelling units in the project as lower income (or 100% of the units as moderate income), as defined in the HAA.

Assembly Bill 1893

As currently proposed, AB 1893 would (i) reduce the required percentage of affordable units for mixed-income Builder’s Remedy projects from 20% lower income to 10% very low-income; (ii) impose new size and location guardrails on Builder’s Remedy projects; and (iii) authorize local jurisdictions to require compliance with other specified objective development standards so long as they do not reduce the “allowed” residential density or result in an increase in “actual costs.” AB 1893 would also eliminate the affordability requirement for Builder’s Remedy projects consisting of 10 units or fewer, so long as the project site is smaller than one acre with a minimum density of 10 units per acre.

New Basis for Denial & New Project Requirements

AB 1893 would significantly amend the most controversial component of the Builder’s Remedy, which is that a local jurisdiction without a substantially compliant Housing Element (“Non-Compliant Jurisdiction”) cannot deny a qualifying Builder’s Remedy project unless specified findings are made, which are intended to create a high threshold for denial by local jurisdictions.

As currently proposed, AB 1893 would newly authorize a Non-Compliant Jurisdiction to deny a qualifying Builder’s Remedy project if the project fails to meet any of the following “objective” standards. In other words, Builder’s Remedy projects would need to meet all the following new requirements (unless the project is “grandfathered” as explained below):

  • The project site must be designated by the general plan or located in a zone where housing, retail, office, or parking are “permissible” uses. Alternatively, if the project site is designated or zoned for agricultural use, at least 75% of the perimeter of the project site must adjoin parcels that are developed with urban uses, as defined under AB 2011. Recall that AB 2243 would amend the AB 2011 definition of “urban use” to clarify that urban use includes a public park that is surrounded by other urban uses.
  • The project site must not be on a site or adjoined to any site where more than one-third of the square footage on the site is “dedicated to industrial use,” as defined under AB 2011. Recall that AB 2243 would amend the AB 2011 definition of “dedicated to industrial use” to no longer include sites (i) where the most recently permitted use was industrial, but that use has not existed on the site for over three years; or (ii) where the site is designated industrial by the general plan, but residential uses are a principally permitted use on the site or the site adjoins an existing residential use.
  • The residential density for the project must not exceed the “greatest” of the following density calculations, as applicable, prior to any density bonus under the State Density Bonus Law (there is no codified limit under existing law):
    • For project sites within “high or highest resource census tracts” (as defined): (i) 50% greater than the “maximum” density deemed appropriate to accommodate (lower income) housing for the local jurisdiction as specified in Government Code section 65583.2(c)(3)(B) (e.g., for a local jurisdiction in a metropolitan county, “at least” 30 dwelling units per acre); or (ii) three times the density allowed by the general plan, zoning ordinance, or state law (prior to any density bonus under the State Density Bonus Law), whichever is greater.
    • For other project sites, (i) the “maximum” density appropriate to accommodate (lower income) housing for the local jurisdiction as specified in Government Code section 65583.2(c)(3)(B) (see above); or (ii) twice the density allowed by the general plan, zoning ordinance, or state law (prior to any density bonus under the State Density Bonus Law), whichever is greater.
    • For project sites located within one-half mile of a major transit stop, up to 35 dwelling units per acre more than the “amount allowable” specified above, as applicable.
    • The project must comply with “other” objective development standards (as defined) imposed by the local jurisdiction that apply in closest zone in the local jurisdiction for multi-family residential use at the “allowed” residential density If no such zone exists, the applicable objective standards shall be those for the zone that allows the greatest density within the city, county, or city and county, as applicable.

AB 1893 would provide that in no case may the local agency apply any objective development standards that will (i) have the effect of physically precluding the construction of the project at the “allowed” residential density (see above) or (ii) result in an increase in “actual costs.” The local agency would bear the burden of proof under these circumstances.

Project “Grandfathering”

As currently proposed, the foregoing new requirements would not apply to Builder’s Remedy applications that are “deemed complete” on or before April 1, 2024. Under existing law, “deemed complete” is defined to mean that the applicant has submitted a SB 330 preliminary application or, if that has not been submitted, a complete development application (as defined) has been submitted. AB 1893 would add that the local agency shall bear the burden of proof in establishing that the applicable application is not complete.

Implications

AB 1893 is an attempt to “modernize” the Builder’s Remedy by providing clarity to developers, local jurisdictions, and courts to avoid the “legal limbo” described by Attorney General Rob Bonta. As part of that compromise, significant new requirements would be imposed on Builder’s Remedy projects, including a new “cap” on residential density where no codified limit currently exists. In return, the clarifications made by AB 1893 and the reduced affordability requirement for mixed-income projects could help facilitate Builder’s Remedy projects in Non-Compliant Jurisdictions.

Assembly Bill 1886

A recent Builder’s Remedy lawsuit exposed some ambiguity regarding when a Housing Element is deemed “substantially compliant“ with State Housing Element Law. Opposing sides of the litigation disputed where (retroactive) self-certification by the local jurisdiction was sufficient. The court ruled that it was not. See our prior legal alert for our coverage of this ruling, which appears to be the impetus for the amendments proposed under AB 1886 (Alvarez and Wicks).

As currently proposed, AB 1886 would:

  • Clarify the point at which a Housing Element is deemed substantially compliant with State Housing Element Law: (i) the Housing Element has been adopted by the local jurisdiction and (ii) the local jurisdiction has received an affirmative determination of substantial compliance from HCD or a court of competent jurisdiction.
  • Clarify that the Housing Element shall continue to be considered in substantial compliance with State Housing Element Law until either: (i) HCD or a court of competent jurisdiction determines that the adopted Housing Element is no longer in substantial compliance (e.g., where any required rezoning is not approved in a timely manner) or (ii) the end of the applicable Housing Element cycle.
  • Specify that Housing Element compliance status is determined at the time the SB 330 Preliminary Application is submitted for the qualifying Builder’s Remedy project, which is consistent with HCD’s prior determination that the Builder’s Remedy is vested on that filing date. If a SB 330 Preliminary Application is not submitted, then the compliance status would be determined when a complete development application (as defined) is filed for the Builder’s Remedy project.
    • Require a local jurisdiction that adopted its Housing Element despite HCD’s non-compliance determination to submit the required findings, as specified, to HCD. In any legal proceeding initiated to enforce the HAA, HCD’s determination on the required findings would create a rebuttable presumption of substantial compliance or lack thereof.
Implications

AB 1886 would make it clear that a local jurisdiction cannot “self-certify” its Housing Element. Rather, an affirmative determination must be granted by HCD or, if a local jurisdiction adopts its Housing Element notwithstanding HCD’s determination to the contrary, a court of competent jurisdiction would need to agree with the local jurisdiction, notwithstanding the “rebuttable presumption” in favor of HCD’s non-compliance determination, where applicable.

ASSEMBLY BILL 3068 — ADAPTIVE REUSE PROJECTS

AB 3068 (Haney, Quirk-Silva, and Wicks) would provide for the streamlined ministerial (i.e., no CEQA) approval of qualifying adaptive reuse projects involving the conversion of an existing building to residential or mixed-uses, as specified. Qualifying adaptive reuse projects would be deemed “a use by right” regardless of the applicable zoning district, with the exception of any proposed non-residential uses.

As currently proposed, the following requirements would need to be met:

Threshold Requirements
  • The project must retrofit and repurpose an existing building to create new residential or mixed-uses (Adaptive Reuse). The Adaptive Reuse of light industrial buildings is prohibited unless the local planning director (or equivalent) determines that the “specific light industrial use is no longer useful for industrial purposes.”
  • At least 50% of the Adaptive Reuse project must be designated for residential use, which is defined to include housing units, dormitories, boarding houses, and group housing. For purposes of calculating total project square footage, underground spaces, including basements or underground parking garages, are excluded.
  • Any nonresidential uses must be “consistent with the land uses allowed by the zoning or a continuation of an existing zoning nonconforming use.”
  • If the existing building is a listed historic resource or is over 50 years old, specified requirements must be met.
Affordability Requirements
  • For rental projects, either (i) 15% of the units must be lower income (as defined) or (ii) 8% of the units must be very low income and 5% of the units must be extremely low income (as defined), unless different local requirements apply.
  • For ownership projects, either (i) 15% of the units must be lower income (as defined) or (ii) 30% of the units must be moderate income (as defined), unless different local requirements apply.
  • Where different local requirements apply, the project must include the higher percentage requirement and the lowest income target, unless local requirements require greater than 15% lower income units (only), in which case other specified requirements apply.
  • For rental projects, the affordable units must be restricted for 55 years and for ownership projects, the affordable units must be restricted for 45 years.
  • Affordable units in the project must have the same bedroom and bathroom count ratio as the market rate units, be equitably distributed within the project, and have the same type or quality of appliances, fixtures, and finishes.
Project Site Requirements
  • The Adaptive Reuse project site must be in an urbanized area or urban cluster (as defined and specified) and at least 75% of the perimeter must adjoin (as defined) parcels that are developed with urban uses (not defined in AB 3068 but separately defined in AB 2011).
  • Required Phase I ESA and if a recognized environmental condition is found, specified requirements must be met.
Labor Requirements
  • All construction workers must be paid at least the general prevailing wage of per diem wages for the type of work in the geographic area (as specified), except that apprentices registered in approved programs (as specified) may be paid at least the applicable apprentice prevailing rate.
  • The prevailing wage requirement must be included in all construction contracts, and all contractors and subcontractors must comply with specified requirements.
  • If the Adaptive Reuse project would include 50 or more dwelling units, additional requirements would apply (as specified), including but not limited to participation in an approved apprenticeship program and health care expenditures for any construction craft employees.
Project Approval Process
  • If the Adaptive Reuse project is determined by the local planning director (or equivalent) to be consistent with the foregoing requirements (referred to collectively as “objective planning standards”), the local agency must approve the project. That consistency determination must be based on whether there is “substantial evidence that would allow a reasonable person to conclude that the project is consistent with the objective planning standards.”
  • If the project is deemed to conflict with any applicable objective planning standards, the local agency must notify the project sponsor within 60 to 90 days of submittal of the development proposal, depending on whether the project contains more than 150 dwelling units. If the local agency fails to provide the required documentation (as specified), the project shall be deemed to satisfy applicable objective planning
  • Design review may be conducted by the local agency but must be objective (as specified) and must be concluded within 90 to 180 days of submittal of the development proposal, depending on whether the project contains more than 150 dwelling units.
Development Impact Fees

Adaptive Reuse projects would be exempt from all development impact fees “that are not directly related to the impacts resulting from the change of use of the site from nonresidential to residential or mixed-use” and any development impact fees charged must be “proportional to the difference in impacts caused by the change of use.” The project sponsor may also request that payment of development impact fees be deferred to the date that the certificate of occupancy is issued, subject to a written agreement to pay the development impact fees at that time.

Adjacent Projects

A qualifying Adaptive Reuse project “may include the development of new residential or mixed-use structures on undeveloped areas and parking areas on the parcels adjacent to the proposed adaptive reuse project site” if specified requirements are met.

Implications

AB 3068 would be another tool in the growing toolbox available to real estate developers to encourage the adaptive reuse of underutilized commercial buildings, including office buildings. Financial feasibility is likely to remain an issue due to high interest rates and construction costs. There are well-documented design challenges associated with the conversion of existing buildings to residential use due to required compliance with the strict provisions of the California Building Code, the California Residential Code, and local amendments to those codes. Even if alternate buildings standards are available for adaptive reuse projects (see the directive under AB 529), it not clear yet whether alternative standards would be available for required seismic upgrades, which are often cost-prohibitive.

Financial feasibility would be partially addressed by AB 3068, which would authorize local agencies to establish an Adaptive Reuse Investment Program funded by ad valorem property tax revenues (as specified), which could be transferred to the owners of qualifying Adaptive Reuse projects for the purpose of subsidizing the on-site affordable housing units required by AB 3068. The bill would also “align program requirements to encourage the utilization of existing programs such as the Federal Historic Tax Credit, the newly adopted California Historic Tax Credit, the Mills Act, and the California Historical Building Code.”

SB 1227 — SAN FRANCISCO DOWNTOWN REVITALIZATION ZONE PROJECTS

SB 1227 (Wiener) aims to speed the recovery of downtown San Francisco by creating a new CEQA exemption for qualifying student housing and mixed-use residential projects (along with commercial and institutional projects) in the Downtown Revitalization Zone, which includes the Financial District, Union Square, Eastern SOMA, Mid-Market, and Civic Center neighborhoods. Projects that do not meet all the requirements for the new CEQA exemption could qualify for the new CEQA streamlining process proposed under the bill. SB 1227 would also create a new property tax exemption for moderate-income housing in the Downtown Revitalization Zone.

Qualifying Downtown Revitalization Zone Projects

As currently proposed, the following threshold requirements would need to be met:

  • The project site must be in the San Francisco Downtown Revitalization Zone.
  • The general plan land use and zoning designations for the project site must allow for commercial, institutional, student housing, or mixed-uses (as specified below), as applicable to the project.
  • The project must not include any hotel uses, and if residential uses are proposed, the residential square footage must be less than two-thirds the total project square footage (i.e., the project cannot be a “housing development project” already protected under the HAA). The foregoing square footage limitation (see specified calculation requirements) would not apply to student housing.
  • To the extent that residential uses are proposed, the project must comply with applicable San Francisco inclusionary affordable housing requirements.
  • The project must not require the demolition of restricted affordable units, rent-controlled units, or a hotel (as specified). See also the specific requirements that apply to other existing and prior tenant-occupied housing.
  • The project must comply with 24 enumerated San Francisco ordinances related to development impact fees and environmental protection (including but not limited to the reduction of greenhouse gas emissions and water and energy consumption) and specified provisions of the California Green Building Standards Code.
  • The project site must not be environmentally sensitive, e.g., a delineated earthquake fault zone, habitat for protected species, or a hazardous waste site (as defined and specified).
  • The project must not result in net additional emissions of greenhouse gases from demolition or construction.
New CEQA Exemption

As currently proposed, the following additional requirements would need to be met to qualify for the new CEQA exemption:

  • Prevailing wage, skilled and trained workforce, and/or health care expenditure and apprenticeship requirements must be met (as specified), depending on the size of the project.
  • The project must not include any warehouse uses.
  • The project must not require the demolition of a building that is over 75 years old (regardless of its historic status) or result in “substantial harm” to a building on a federal, state, or local historic registry.
  • The project must be LEED Platinum certified (if over 1,000 square feet).
  • The project must be in an area with a per capita vehicle miles traveled (VMT) level 15% lower than the city or regional VMT.
New CEQA Streamlining Pathway

As currently proposed, San Francisco Downtown Revitalization Zone projects that meet the threshold requirements above, but not all of the additional requirements for the new CEQA exemption, could instead pursue CEQA streamlining whereby the project could be certified by the Governor prior to certification of an EIR for the project pursuant to the Jobs and Economic Improvement Through Environmental Leadership Act of 2021 (Leadership Act), which authorizes the Governor to certify qualifying projects (before January 1, 2032) for CEQA streamlining. One of the benefits of CEQA streamlining under the Leadership Act is that any CEQA litigation must be resolved (to the extent feasible) within 270 days, as specified.

As currently proposed, the following additional requirements would need to be met to qualify for CEQA streamlining:

  • Prevailing wage, skilled, and trained workforce requirements must be met (as specified).
  • The project must be at least LEED Gold certified (versus Platinum) if the project contains residential, retail, commercial, sports, cultural, entertainment, or recreational uses.
  • The project must not demolish a historic structure that is placed on a national, state, or local historic register (versus a building that is over 75 years old, regardless of its historic status).
  • The project must avoid a substantial adverse change to the significance of a historical or cultural resource.
  • The project must avoid or minimize significant environmental impacts in a disadvantaged community (as defined) and any required mitigation measures must be undertaken in, and directly benefit, the affected community.
  • The project must not result in any significant and unavoidable impacts under CEQA that would require adoption of a statement of overriding considerations by the lead agency.
  • The lead agency must approve a project certified by the Governor before January 1, 2031.

Please see the text of SB 1227 for more information about the proposed CEQA streamlining provisions for qualifying San Francisco Downtown Revitalization Zone projects.

New Property Tax Exemption for Moderate-Income Housing

This new (welfare) property tax exemption would allow for a partial exemption equal to the percentage of the value of the property that is equal to the percentage of the number of units serving moderate-income households. As currently proposed, the following requirements would need to be met to qualify:

  • The project must be in the San Francisco Downtown Revitalization Zone.
  • The project must include moderate-income rental units, as defined and specified.
  • The project must be owned and operated by a charitable organization (as defined), which includes (but is not limited to) limited partnerships in which the managing partner is an eligible nonprofit corporation or eligible limited liability company meeting specified requirements.
  • A building permit or site permit for the residential units on the property must be filed before January 1, 2035, and the property owner must claim the exemption within five years following the issuance of the first building permit. The new property tax exemption would also apply with respect to lien dates occurring on or after January 1, 2025.
Implications

SB 1227 should help facilitate the development of new housing for the “missing in the middle” in the San Francisco Downtown Revitalization Zone by providing for a new property tax exemption for projects that include moderate-income rental units. That could in turn help increase the financial feasibility of converting underutilized commercial buildings to mixed-uses, including residential uses.

SB 1227 would impose robust labor requirements for both the new CEQA exemption and CEQA streamlining pathway for qualifying projects in the San Francisco Downtown Revitalization Zone, which could inhibit the utilization of those benefits.