Background
Yesterday, on September 22, 2021, the California Privacy Protection Agency (“CPPA”) — the new privacy regulatory agency created by the California Privacy Rights Act of 2020 (“CPRA” or “CCPA 2.0”) — issued an invitation for public comment on its proposed rulemaking. Such comments “will assist the Agency in developing new regulations, determining whether changes to existing regulations are necessary, and achieving the law’s regulatory objectives in the most effective manner.” Thus, the CPPA invites stakeholders to propose specific language for new regulations or changes to existing ones.
This invitation for comments is not a proposed rulemaking, but an invitation for comment generally as a part of the agency’s preliminary rulemaking activities. Stakeholders will have additional opportunities to comment on any specific proposed rulemaking actions that may be issued in the future.
Topic Areas for Comment
The CPPA’s invitation includes several pages of specific questions, each categorized under the following topic areas:
- Processing that Presents a Significant Risk to Consumers’ Privacy or Security: Cybersecurity Audits and Risk Assessments Performed by Businesses
- Automated Decisionmaking
- Audits Performed by the Agency (CPPA)
- Consumers’ Right to Delete, Right to Correct, and Right to Know
- Consumers’ Rights to Opt Out of the Selling or Sharing of Their Personal Information and to Limit the Use and Disclosure of their Sensitive Personal Information
- Consumers’ Rights to Limit the Use and Disclosure of Sensitive Personal Information
- Information to Be Provided In Response to a Consumer Request to Know (Specific Pieces of Information)
- Definitions and Categories
- Additional Comments
How to Submit Comments
Interested parties must submit comments by Monday, November 8, 2021. Comments may be submitted via mail or via email to regulations@cppa.ca.gov as specified in the invitation.
To view the invitation for comment and the specific questions listed in the categories above, please click here.