CPPA Invites Comments On Various Privacy Topics

The California Privacy Rights and Enforcement Act ("CPRA"), formerly known as Proposition 24, passed on November 3, 2020. The CPRA is intended to supplement privacy protections for Californians that were first established by the California Consumer Privacy Act ("CCPA"). The CPRA will be effective January 1, 2023 with a July 1, 2023 enforcement date. We have previously written about the CPRA and the CCPA.

Among other provisions, the CPRA created the California Privacy Protection Agency ("Agency"). The Agency is tasked with the responsibility for updating existing CCPA regulations issued by the California Attorney General's Office and adopting new regulations for CPRA provisions.

On September 22, 2021, the Agency asked for the first round of public comments as part of the preliminary rulemaking process. The full Invitation for Preliminary Comments can be found here. There is no proposed rulemaking action at this time; rather, stakeholders are invited to comment on any topic pertaining to California data privacy law. The CPPA Agency asked for comments on several specific topics. There will also be at least one additional opportunity for public comment as part of the rulemaking process before any regulations are finalized.

The eight specific topics the CPPA Agency requested comments on are:

1. Processing that presents a significant risk to consumers' privacy or security: cybersecurity audits and risk assessments performed by businesses
2. Automated decision-making
3.  Audits performed by the Agency
4. Consumers' right to delete, right to correct, and right to know
5. Consumers' rights to opt-out of the selling or sharing of their personal information and to limit the use and disclosure of their sensitive personal information
6. Consumers' rights to limit the use and disclosure of sensitive personal information
7. Information to be provided in response to a consumer request to know (specific pieces of information)
8. Clarifications to definitions and categories under CCPA and CPRA

The Agency also requested any additional comments that may relate to the Agency's initial rulemaking. The Agency asks that all stakeholders submit comments by Monday, November 8, 2021. 

Comments may be submitted via email to regulations@cppa.ca.gov with "PRO 01-21" in the subject line, or via mail to:

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.