Civil Code section 1798.99.92
(a)
Except as provided in subdivision (f), it shall be unlawful to geofence an entity that provides in-person health care services in California for any of the following purposes:(1)
To identify or track a person seeking, receiving, or providing health care services.(2)
To collect personal information from a person seeking, receiving, or providing health care services.(3)
To send notifications to a person related to their personal information or health care services.(4)
To send advertisements to a person related to the person’s personal information or health care services.(b)
It shall be unlawful to sell personal information to, or share personal information with, a third party for the use of such information to violate subdivision (a). A statement signed under penalty of perjury, pursuant to Section 2015.5 of the Code of Civil Procedure, by a natural person authorized to enter into agreements on behalf of the third party that the personal information will not be used for these purposes shall be prima facie evidence that the personal information was not sold or shared in violation of this subdivision.(c)
Except as provided in subdivision (f), it shall be unlawful to use personal information obtained in violation of subdivision (a) or (b).(d)
(1)Any person that violates this section shall be subject to an injunction and liable for a civil penalty of twenty-five thousand dollars ($25,000) for each violation, which shall be assessed and recovered in a civil action brought in the name of the people of the State of California by the Attorney General. The court may consider the good faith cooperation of the entity or person in determining the amount of the civil penalty.(2)
Any civil penalty recovered by an action brought by the Attorney General for a violation of this section, and the proceeds of any settlement of any said action, shall be deposited in the California Reproductive Justice and Freedom Fund established pursuant to Section 140 of the Health and Safety Code.(e)
This section shall be implemented consistent with state and federal law.(f)
(1)(A)This section does not prohibit any person that owns, operates, manages, or otherwise provides services to an in-person health care entity from geofencing the entity’s own location to provide necessary health care services, including the use of location-based alarm devices to monitor newborns and memory-impaired individuals.(B)
This section does not prohibit any person that provides reproductive health care services, as defined in Section 1798.300, from utilizing geofencing for the purpose of providing security services to protect patients, staff, or property.(2)
Nothing in this section shall exempt any person from complying with any of the following:(A)
A lawfully executed search warrant.(B)
A lawful subpoena issued pursuant to existing California law.(C)
Law enforcement if law enforcement, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires access to such geofencing data. For purposes of this subparagraph, accessing, procuring, or searching for services regarding contraception, pregnancy care, and perinatal care, including, but not limited to, abortion services, shall not constitute being at risk or danger of death or serious physical injury.(3)
Nothing in this section abrogates or limits the requirements of the Electronic Communications Privacy Act (Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code).(4)
Nothing in this section shall apply to geofencing activities conducted solely for research purposes by an investigator within an institution that holds an assurance with the federal Department of Health and Human Services pursuant to Part 46 (commencing with Section 46.101) of Title 45 of the Code of Federal Regulations and who obtains informed consent in the method and manner required by those regulations.(5)
(A)This section does not prohibit geofencing activities conducted by a labor organization, as defined in Section 1117 of the Labor Code, or an employee organization, as defined in subdivision (a) of Section 3501 of, subdivision (a) of Section 3513 of, or subdivision (f) of Section 3562 of, the Government Code, if geofencing does not result in the labor union’s collection of names or personal information without the express consent of an individual and is for activities concerning workplace conditions, worker or patient safety, labor disputes, or organizing.(B)
A third party vendor, including, but not limited to, a social media platform, that collects personal information from a labor organization or employee organization pursuant to subparagraph (A) shall be prohibited from selling, using, or sharing that personal information for any purpose other than the activities described in subparagraph (A).
Source:
Section 1798.99.92, https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV§ionNum=1798.99.92. (updated Jan. 1, 2026; accessed Dec. 29, 2025).
