SAN FRANCISCO â The California Privacy Protection Agency (CPPA) Board voted on November 8 to adopt new regulations regarding data broker registration requirements. In addition, the board voted to advance the proposed rulemaking package for insurance, cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and updates to existing regulations, to the formal rulemaking process.
The data broker registration regulations will next be filed with the Office of Administrative Law for review and approval. If approved, the regulations will become effective by January 1, 2025. The larger rulemaking package, which includes provisions implementing consumersâ rights with respect to ADMT, will move to a 45-day formal public comment period, commencing the formal rulemaking stage for the proposal.
âThe advancement of each of these regulation packages is crucial for protecting Californianâs privacy rights,â said Executive Director Ashkan Soltani, âTechnology is evolving at a record pace, and we must innovate and evolve as well. The boardâs vote today is an important next step in the Agencyâs mission, and I applaud the care and thoughtfulness that went into developing the draft rules.â
Data Broker Regulations
The newly adopted regulations clarify provisions in the Delete Act, which requires data brokers to register with the CPPA.
âAfter administering the data broker registration process for the first time in January of this year, we determined that more clarity was needed,â said General Counsel Philip Laird. âThese rules refine the procedures for data brokers and increase public awareness.â
The newly adopted data broker regulations include provisions to:
Separately, the Board also voted to adjust the data broker registration fee for the January 2025 registration period to cover the costs to develop and maintain the registry and the deletion mechanism as directed by the Legislature.
A copy of the proposed regulations can be found on the Agencyâs website.
Rulemaking for Insurance, Cybersecurity Audits, Risk Assessments and ADMT
The Board has also voted to move proposed regulations for insurance, cybersecurity audits, risk assessments, and ADMT into formal rulemaking.
The proposed rulemaking package:
The proposed regulations are based on several years of preliminary rulemaking activities, including receiving written comments from the public, hosting public stakeholder sessions through the state, and meeting with stakeholders to receive invaluable feedback.
The package now moves into the formal rulemaking process, where the public will have the opportunity to provide formal written and oral comments to CPPA on the regulations. After receiving public comments, the Board will have additional opportunities to discuss and potentially update the proposed rules.
Visit CPPAâs Laws & Regulations webpage to learn more about the rulemaking process.
About Us
The California Privacy Protection Agency (CPPA) is committed to promoting the education and awareness of consumersâ privacy rights and businessesâ responsibilities under the California Consumer Privacy Act.
Individuals can visit privacy.ca.gov to access helpful and up-to-date information on how to exercise their rights and protect their personal information. In addition, the Agencyâs website provides important information about CPPA board meetings, announcements, and the rulemaking process.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.3