The California Privacy Protection Agency (“CPPA”) held a board meeting on May 26th, 2022. At the meeting, Executive Director Ashkan Soltani, Acting General Counsel Brian Soublet, and members of the Board offered insight into the following key topics:

  • Bifurcation of CPRA Rulemaking Process: The Board’s CPRA Rules Subcommittee indicated that the CPPA’s rulemaking process will be split across multiple packages of rules. The first rulemaking package will prioritize procedural rules that must be put in place prior to the commencement of enforcement activities on July 1st, 2022. It will include draft rules related to administrative enforcement, the CPPA’s audit authority, and probable cause hearings. It will not include rules covering cybersecurity audits, privacy risk assessments, or automated decision making and profiling. Subsequent rulemaking packages will address those three topics and potentially others as well. The Board members did not give any indication as to how this divided rulemaking process might impact the timeline for completion of rulemaking.
  • CPPA Rulemaking Process: The Board’s Rulemaking Process Subcommittee presented a loose overview of the CPPA’s public meeting schedule for the upcoming rulemaking (slides here).
    • The Board will discuss the rules in greater depth at a second meeting, which the Board decided should be scheduled to allow public comment. One of the Board’s objectives at this meeting will be to identify areas of uncertainty where public comment would be particularly helpful.
    • Additional meetings will be held as needed to facilitate Board discussion of changes and updates to the proposed rules. These meetings may include presentations by experts and CPPA staff.
    • Once this revision process has concluded, the Board will hold a final meeting to discuss the Final Statement of Reasons and vote to approve the filing of the package of rules with the California Office of Administrative Law.
  • Updates to CCPA Rules: The Board’s Update of CCPA Rules Subcommittee discussed efforts to update CCPA rules to bring them in line with the CPRA. These revisions will amend existing rules to integrate new consumer rights, dark pattern requirements, and definitional changes introduced by the CPRA. They may also reorganize parts of the existing regulations to make them more readable to businesses and members of the public.
  • CPPA Operations and Internal Management The agency is staffing up, including by hiring Maureen Mahoney, formerly of Consumer Reports, as Deputy Director of Policy and Legislation.

At the close of the meeting, Board members indicated an intent to revisit the role of subject-matter subcommittees and consider the substance of proposed rules in subsequent meetings.

Tags: California Consumer Privacy Act (CCPA), California Privacy Rights Act, CCPA, CPPA, CPRA
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Read more about Lindsey TonsagerEmail
Show more Show less
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations. 

Chambers USA 2024 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Read more about Libbie CanterEmail
Show more Show less