The five members of the California Privacy Protection Agency (“CPPA”) were announced today.  The members – who were appointed by Governor Newsom, Attorney General Becerra, Senate President pro Tempore Atkins, and Assembly Speaker Rendon – will lead the new agency, which will have rulemaking and enforcement authority under the California Privacy Rights Act (“CPRA”).

The new agency will issue regulations on a wide range of issues, including (for example):

  • Identifying the purposes for which service providers and contractors may use consumers’ personal information;
  • Specifying when businesses must perform cybersecurity audits and submit assessments to the CPPA;
  • Governing access and opt-out rights with respect to automated-decision making technology, including profiling;
  • Defining the requirements and technical specifications for any opt-out preference signal; and
  • Clarifying when consent is ineffective due to use of “dark patterns,” defined as “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice.”

The rulemaking must be complete by July 1, 2022.