At the start of June, the California Privacy Protection Agency (CPPA), the agency tasked with implementing and enforcing the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act (CCPA), voted to begin the rulemaking process.
On July 8, 2022, the CPPA officially began the formal rule-making process to adopt proposed regulations implementing the CPRA by releasing the notice of proposed rulemaking. The CPPA stated the proposed regulations are intended to: “(1) update existing CCPA regulations to harmonize them with CPRA amendments to the CCPA; (2) operationalize new rights and concepts introduced by the CPRA to provide clarity and specificity to implement the law; and (3) reorganize and consolidate requirements set forth in the law to make the regulations easier to follow and understand.”
The notice also indicates that the CPPA will not be promulgating rules on cybersecurity audits or automated decision-making technology at this time.
A hearing on the proposed regulations is scheduled to occur on August 24 and 25, 2022. Written comments on the proposed regulations must be submitted in advance of the public hearing on August 23, 2022. Comments can be submitted by email to firstname.lastname@example.org or by mail to The California Privacy Protection Agency, Attn: Brian Soublet, 2101 Arena Blvd., Sacramento, CA 95834.
Jackson Lewis will continue to track information related to privacy regulations and related issues. For additional information on the CPRA, please reach out to a member of our Privacy, Data, and Cybersecurity practice group.