CPPA Board Declines to Advance CCPA Regulations to Formal Rulemaking; CPPA Highlights Enforcement Priorities

Dorian Simmons
Alston & Bird
Contact
LinkedIn
Facebook
X
Send
Embed

Alston & Bird

On July 16, 2024, the California Privacy Protection Agency (the “CPPA”) board declined to advance to formal rulemaking California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automated decisionmaking technology, insurance companies and updates to existing regulations. The CPPA board voted against advancing the regulations during its board meeting when it also received an update on CPPA enforcement priorities.

CPPA Board Declines to Advance Draft Regulations to Formal Rulemaking

The CPPA board decided against advancing the draft regulations, in part, because board members disagreed on the scope of the risk assessment and automated decisionmaking technology draft regulations. Board Member Alastair MacTaggart criticized the broad scope of the draft regulations. The CPPA board tasked the CPPA staff with revising the draft regulations to narrow the scope of processing activities that trigger obligations under the proposed regulations.

The CPPA board expects to review the revised draft regulations during its September meeting. If the CPPA board advances the draft regulations to formal rulemaking in September, the earliest the draft regulations could take effect is January 1, 2025, but that would require the CPPA to submit finalized regulations to the California Office of Administrative Law (“OAL”) and for the OAL to approve the rulemaking and file the proposed regulations with the secretary of state by November 30, 2024. Otherwise, the earliest date the draft regulations could take effect is April 1, 2025.

CPPA Highlights Enforcement Priorities

Deputy Director of Enforcement Michael Macko informed the CPPA board that the CPPA will investigate businesses that (i) unnecessarily request information from consumers to verify privacy requests, (ii) sell personal information without providing consumers proper notice and opt-out mechanisms, (iii) use dark patterns to prevent consumers from asserting their privacy rights, and (iv) violate the CPPA in a way that harms vulnerable populations. Deputy Director Macko maintained that the CPPA will continue enforcement related to privacy notices and policies, the right to delete, and administrative and technical processes to comply with consumer privacy rights requests.

The CPPA reported that it is building relationships with state, federal, and international regulators, including by entering into cooperation agreements, to share investigation experiences and advance its enforcement priorities.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Alston & Bird | Attorney Advertising

Written by:

Alston & Bird
Alston & Bird
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Alston & Bird on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide