A new California law will impose stronger restrictions on tracking, data collection, and advertising related to visits to family planning centers.
California Governor Gavin Newsom has signed Assembly Bill 45 (AB-45), expanding existing privacy protections for individuals seeking or receiving healthcare services from family planning centers. Previously, state law prohibited collecting or sharing personal information about anyone located at or near such centers except when necessary to provide requested services.
Under AB-45, those restrictions are greatly broadened. The law now bans the collection, use, disclosure, sale, sharing, or retention of personal information tied to a person’s precise geolocation at a family planning center. The provisions apply to any individual, organization, or entity including corporations, associations, and trusts, and not just businesses. HIPAA-regulated entities and their business associates remain exempt if they comply with relevant federal and state privacy laws.
AB-45 aligns its definitions with those found in the California Consumer Privacy Act (CCPA), such as “personal information,” “sale,” and “precise geolocation.” It applies to facilities classified under the North American Industry Classification System as family planning centers, which include clinics providing reproductive healthcare services.
The law also prohibits the use of geofencing for tracking, identifying, or targeting individuals seeking or providing healthcare services. Specifically, it outlaws using geofencing to send notifications, collect personal data, or deliver targeted advertisements based on a person’s location near a healthcare facility.
There are limited exceptions. A facility may geofence its own location, geofencing is allowed for federally compliant research purposes, and labor organizations may geofence if they obtain consent before collecting any personal data. Personally identifiable research records remain protected and cannot be disclosed in response to out-of-state legal requests that violate California’s reproductive privacy laws.
State officials described AB-45 as a reinforcement of reproductive and digital privacy rights in California. The bill builds on previous legislative efforts to safeguard individuals’ location data following the U.S. Supreme Court’s 2022 decision overturning Roe v. Wade, which raised concerns about location tracking at reproductive health facilities.
AB-45 signals California’s growing focus on the intersection of digital privacy, health rights, and geolocation data. This could be part of a broader trend toward restricting data surveillance around sensitive healthcare services following the rollback of federal abortion protections. California’s move could influence similar legislation in other states, particularly as geofencing and location tracking continue to raise cross-jurisdictional enforcement challenges under both state and federal privacy frameworks.
Geofencing uses digital boundaries to track mobile devices within a specific area. AB-45 restricts its use to prevent advertisers or third parties from identifying or targeting individuals visiting healthcare facilities.
AB-45 complements the CCPA by extending its definitions to all persons and organizations, not just businesses, while exempting HIPAA-covered entities already governed by federal privacy standards.
Yes. The law provides a limited private right of action, allowing affected individuals or entities to seek up to three times their actual damages, plus legal costs and attorney fees.
The California Attorney General may issue fines of up to $25,000 per violation and pursue injunctive relief. Collected penalties will fund the California Reproductive Justice and Freedom Fund.
Given California’s history of setting national privacy standards, AB-45 could inspire similar legislative efforts in states seeking to strengthen reproductive healthcare privacy and limit geolocation-based tracking.