The five members of the California Privacy Protection Agency (“CPPA”) were announced today. The members – who were appointed by Governor Newsom, Attorney General Becerra, Senate President pro Tempore Atkins, and Assembly Speaker Rendon – will lead the new agency, which will have rulemaking and enforcement authority under the California Privacy Rights Act (“CPRA”).
The new agency will issue regulations on a wide range of issues, including (for example):
- Identifying the purposes for which service providers and contractors may use consumers’ personal information;
- Specifying when businesses must perform cybersecurity audits and submit assessments to the CPPA;
- Governing access and opt-out rights with respect to automated-decision making technology, including profiling;
- Defining the requirements and technical specifications for any opt-out preference signal; and
- Clarifying when consent is ineffective due to use of “dark patterns,” defined as “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice.”
The rulemaking must be complete by July 1, 2022.