WeVote

Bill

Bill

SB 894

Relating to King Coal Highway Economic Advisory Board Act

2025 Regular Session Introduced by Craig Hart and 1 co-sponsor

Establishes privacy, consent, and authentication rules for relying parties accepting mobile driver's licenses and IDs, limiting data asked/retained and protecting holders.

To Economic Development
0
WeVote Research Nonpartisan
Bill Summary · SB 894

Summary — SB 894: "Relying Parties on Mobile Licenses Act" (mobile driver’s licenses / mobile ID privacy protections)

Status (summary of legislative actions)
- Introduced as part of a package authorizing mobile driver’s licenses and mobile ID cards; tie‑barred to companion bills that create the mobile ID system (SB 459–461).
- Reported in committee with accompanying analyses and committee reports. (Committee materials show the measure considered alongside SB 459–461; fiscal reports describe likely minimal direct state costs.)
- The bill’s effectiveness and operation are tied to enactment of the companion mobile‑license bills.

Purpose / intent
- To establish privacy, consent, and authentication rules that govern third parties (“relying parties”) who are presented with and choose to rely on a mobile operator’s license, mobile chauffeur’s license, mobile enhanced driver license, or mobile state ID card.
- Protect holders of mobile IDs from invasive device searches or coercive device surrender, and to limit the data a relying party may request, retain, and store.

Key provisions
- Definitions: clarifies terms such as “holder,” “relying party,” “data elements,” and the three categories of mobile credentials (mobile operator/chauffeur’s licenses, mobile official state personal ID cards, and mobile enhanced driver licenses).
- Relying‑party duties during a transaction:
- Request only the data elements available on the mobile credential that are necessary to complete the transaction.
- Inform the holder how requested data will be used and retained if the relying party seeks to retain it.
- Obtain the holder’s consent before releasing and (if applicable) retaining any requested data elements.
- Cryptographically authenticate the mobile credential before accepting it.
- Comply with all applicable privacy laws and regulations.
- Prohibitions on relying parties:
- May not ask a holder to relinquish possession of the mobile device on which the credential is provisioned.
- May not ask for consent to search the holder’s mobile device.
- May not require presentation of a mobile credential to complete a transaction (i.e., cannot make use of a mobile ID mandatory if a transaction can be completed otherwise).
- Clarification of consent: Presentation or use of a mobile credential for identity verification does not constitute consent or authorization to access/search other data or apps on the device.
- Conditional effective/implementing language: the act does not take effect (or is tied operationally) unless the companion bills creating/authorizing issuance and system infrastructure for mobile credentials are enacted.

Who is affected
- Holders: individuals issued mobile driver’s licenses or mobile state IDs (i.e., users of mDLs/mIDs) — gain explicit privacy protections and consent rights.
- Relying parties: businesses, private entities, and government actors that accept mobile IDs for identity verification must follow the duty/consent/authentication rules and privacy limits.
- Secretary of State / issuing agency: responsible (under companion bills) for issuing mobile credentials, ensuring data element parity with records, and providing the technological infrastructure that relying parties will authenticate against.
- Law enforcement and other public-sector verifiers: the bill limits certain actions (e.g., demanding device surrender or device searches) when a mobile credential is presented.

Potential impact and considerations
- Privacy protections: sets a baseline of consent, minimal data disclosure, and authentication requirements to reduce over‑collection and device intrusions.
- Technology requirements: relying parties will need the ability to cryptographically authenticate mobile credentials and to handle consented data retention securely — potential implementation costs (especially for smaller businesses and local law enforcement) are noted as indeterminate in committee analyses.
- Interplay with companion bills: the statute is designed to work with separate legislation that creates mobile credentials and the supporting mobile license system; it is not a standalone operational scheme.
- Fiscal: committee/fiscal reports indicate negligible direct fiscal impact on state government for the privacy/regulation bill itself; potential but indeterminate technology costs may fall to the issuing agency and relying parties.

Key cross references / procedural notes
- Tie‑barred with bills that authorize issuance and system development for mobile IDs (SB 459–461 in committee materials). Those companion bills address issuance, fees, system development, validity periods, and the Mobile License Fund.
- The bill’s legal framework mirrors approaches adopted (or considered) in other states that have introduced mobile driver’s license programs, balancing digital convenience with consumer privacy and security protections.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.