Just two months before the effective date (January 1, 2023) of the California Privacy Rights Act (“CPRA”), the California Privacy Protection Agency (“CPPA”) Board met on October 28 and 29 to discuss revisions to the agency’s initial draft CPRA regulations. Board members discussed a range of proposed changes that could significantly impact businesses but also reserved discussion on important topics, such as employee and business-to-business data, for future proceedings.
This post provides further details about the rulemaking process, as well as takeaways from the Board’s discussion of key substantive topics, such as restrictions on the collection of personal information and opt-out preference signals. The Board directed CPPA staff to consider and include specific modifications, as discussed below; and on November 3, the CPPA released a further revision of its proposed rules for a 15-day public comment period (the “November 3 Draft Regulations”). The deadline to submit comments is 8:00 am on Monday, November 21.
Continue Reading CPRA Rule Revisions Unlikely to be Finalized in 2022