During its September 23, 2022 board meeting, the California Privacy Protection Agency (CPPA) provided an update on the status of the ongoing California Privacy Rights Act (CPRA) rulemaking.  Since the closure of the required 45-day comment period, the agency staff have been reviewing the written and oral comments submitted by the public.  The agency will be promulgating revised regulations, which will be drafted by the staff and presented to the Board.  These revisions will be followed by an additional public comment period of 15 to 45 days depending on the scope of the revisions.

The CPPA Rulemaking Process Subcommittee also proposed a process for the Board’s review of and vote on the rules, including separate presentations by staff on (1) provisions that are part of a consent agenda (which would group non-controversial revisions to the draft rules) and (2) provisions outside of the consent agenda.  Deliberation and a vote would follow each presentation, with the assumption that only the provisions outside the consent agenda would require individual debate.  The Subcommittee suggested that deliberations may require multiple public Board meetings over several days, perhaps with breaks for staff to work on revisions or Board members to review resources.  While Board members would have the authority to draft and propose specific amendments, the Subcommittee recommended that Board members rely on staff for drafting assistance.  The proposed process prompted substantial discussion among the Board members.  Board members raised concerns including: the time commitment and burden for the Board, public, and staff; compliance with the notice requirements of the Bagley-Keene Open Meeting Act; and the role of staff, as compared to the Board.  The timing of the proposed meetings also remained unclear at the conclusion of the Board meeting, and one Board member suggested that the impact of the delayed regulations on enforcement should be docketed for discussion in a future Board meeting.