The California Privacy Protection Agency (“CPPA”) held a board meeting on May 26th, 2022. At the meeting, Executive Director Ashkan Soltani, Acting General Counsel Brian Soublet, and members of the Board offered insight into the following key topics:

  • Bifurcation of CPRA Rulemaking Process: The Board’s CPRA Rules Subcommittee indicated that the CPPA’s rulemaking process will be split across multiple packages of rules. The first rulemaking package will prioritize procedural rules that must be put in place prior to the commencement of enforcement activities on July 1st, 2022. It will include draft rules related to administrative enforcement, the CPPA’s audit authority, and probable cause hearings. It will not include rules covering cybersecurity audits, privacy risk assessments, or automated decision making and profiling. Subsequent rulemaking packages will address those three topics and potentially others as well. The Board members did not give any indication as to how this divided rulemaking process might impact the timeline for completion of rulemaking.
  • CPPA Rulemaking Process: The Board’s Rulemaking Process Subcommittee presented a loose overview of the CPPA’s public meeting schedule for the upcoming rulemaking (slides here).
    • The Board will discuss the rules in greater depth at a second meeting, which the Board decided should be scheduled to allow public comment. One of the Board’s objectives at this meeting will be to identify areas of uncertainty where public comment would be particularly helpful.
    • Additional meetings will be held as needed to facilitate Board discussion of changes and updates to the proposed rules. These meetings may include presentations by experts and CPPA staff.
    • Once this revision process has concluded, the Board will hold a final meeting to discuss the Final Statement of Reasons and vote to approve the filing of the package of rules with the California Office of Administrative Law.
  • Updates to CCPA Rules: The Board’s Update of CCPA Rules Subcommittee discussed efforts to update CCPA rules to bring them in line with the CPRA. These revisions will amend existing rules to integrate new consumer rights, dark pattern requirements, and definitional changes introduced by the CPRA. They may also reorganize parts of the existing regulations to make them more readable to businesses and members of the public.
  • CPPA Operations and Internal Management The agency is staffing up, including by hiring Maureen Mahoney, formerly of Consumer Reports, as Deputy Director of Policy and Legislation.

At the close of the meeting, Board members indicated an intent to revisit the role of subject-matter subcommittees and consider the substance of proposed rules in subsequent meetings.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the…

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.

Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.