The California Privacy Protection Agency (CPPA), the first and only dedicated privacy agency in the U.S., has swung into action by asking the public to submit comments related to any area on which it can issue rules. It is especially keen to hear suggestions about any regulations that it might make in accordance with the California Consumer Privacy Act 2018, which the state amended last year.
Californians decided to strengthen their existing data privacy protections last November when they voted to pass the California Privacy Rights Act 2020. The act established new rights that were similar to the ones in the European Union’s General Data Protection Regulation (GDPR) and created a new, dedicated agency to protect privacy. It also authorized the CPPA to update the existing regulations and adopt new regulations. It will come into effect in January 2023.
The agency is now seeking advice from the public about any new regulations that it might develop. It is particularly keen to hear comment about audits that it performs, cybersecurity audits, risk assessments that businesses perform and automated decision-making.
It also asks for views about consumers’ rights, including their rights to delete, correct and know the information that businesses collect, their rights to stop firms selling their personal information and their right to limit the use of sensitive personal information.
In addition, the public can submit their views about requests from consumers for information and the meanings of various terms.
The CPPA explained that this action is not a proposed rulemaking action and said that the public would have the opportunity to provide additional comments on any proposed regulations or modifications when it proceeds with a notice of proposed rulemaking action.