CPPA Board Clears Controversial Rules on Automated Decisions
The California Privacy Protection Agency approved rules on automated decision-making technology and other subjects at a partially virtual meeting Thursday. CPPA Board members voted 5-0 to clear the rulemaking package, which also covers risk assessments, cybersecurity audits, insurance and updates to California Consumer Privacy Act (CCPA) regulations.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Earlier this week, CPPA staff said the agency wouldn't make further changes to draft regulations in the controversial rulemaking (see 2507220043). Thursday’s CPPA Board approval allows staff to submit the rulemaking package to the California Office of Administrative Law, which, in turn, will have 30 business days to decide if the rules may become final.
Chair Jennifer Urban supported the proposed regulations: “They are strong. They are reasonable. They are clear.”
Board member Drew Liebert expects "all sides will still have a lot of unhappiness” with the rules, but the test can't be to make everyone happy, he said. “We were required to do our best and to keep improving these regulations, and we will do so.”