On October 21 and 22, the California Privacy Protection Agency (CPPA) Board will meet to discuss possible action regarding the proposed regulations for the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Previously, in June 2022, the Board met to discuss revising the regulations previously released by the California Attorney General.
In advance of the October CPPA Board meeting, further proposed modifications to the regulations have been published, along with an explanation of the proposed changes.
Some of the more significant changes include:
- Revised Section 7002 regarding the “Restrictions on the Collection and Use of Personal Information” to clarify specific requirements. The revision sets forth factors to be considered in evaluating the collection and use including: (1) the reasonable expectations of a consumer concerning the purpose for which personal information is collected or processed, (2) the purposes that are compatible with the context in which the personal information is collected, and (3) whether collecting or processing personal information is reasonably necessary and proportionate to achieve those purposes.
- Revised Section 7004 regarding the “Requirements for Methods for Submitting CCPA Requests and Obtaining Consumer Consent” to explain how different user interfaces can impair or interfere with consumers’ choice and can fail to meet the definition of consent under the Civil Code.
- Also revised Section 7004 (a)(2) to clarify that the symmetry in choice principle also considers whether different paths are more difficult or time-consuming.
- Revised Section 7052 regarding “Third Parties” to clarify that third parties are contractually required to treat the personal information that businesses make available to them, in the same manner, the business is required to treat it under the CCPA.
It is possible that at the October meeting, the CPPA could elect to adopt the modified regulations or choose to make further changes.
Jackson Lewis will continue to track information related to privacy regulations and related issues. For additional information on the CPRA, please reach out to a member of our Privacy, Data, and Cybersecurity practice group.