Businesses should map their automated decision-making technology (ADMT), review and revise privacy policies, plan for cybersecurity audits and review vendor contracts in response to California Privacy Protection Agency rules adopted July 24, some privacy law practices advised in recent client alerts. The rules are expected to be finalized without changes shortly.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
President Donald Trump’s possible health-tracking system with Big Tech companies should increase the urgency for New York Gov. Kathy Hochul (D) to sign a health data privacy bill that passed the state legislature months ago, Assemblymember Linda Rosenthal (D) said in a Wednesday interview with Privacy Daily: “I will bring it to” the governor's office’s “attention today.”
Colorado plans to forego a mandate that companies verify users' ages in a rulemaking that updates the state’s comprehensive privacy law. But when enforcing kids privacy restrictions, the state's attorney general could consider companies’ use of age-estimation technologies, said draft rules released Tuesday.
Wisconsin Rep. Shannon Zimmerman (R) aims to fast-track comprehensive privacy legislation when state legislators return from summer recess, he said in an interview last week with Privacy Daily. The lawmaker is hopeful that he will find bipartisan support and that the bill will pass in 2025 after it hit roadblocks in prior legislative sessions, he said.
Businesses should start thinking now about complying with new data-protection regulations approved Thursday by the California Privacy Protection Agency (CPPA), privacy attorneys said immediately afterward in blogs and LinkedIn posts. While consumer privacy advocates slammed the rules as weak, one acknowledged they still give California a lead over other U.S. states.
The California Privacy Protection Agency will soon take 15 days of comments on revised draft rules for implementing a data-deletion mechanism under the California Delete Act, the five-person CPPA board decided unanimously during a partially virtual meeting Thursday. The agency expects to extensively test the system to work out any kinks before data brokers start accessing it in August 2026, said General Counsel Philip Laird.
The California Privacy Protection Agency approved rules on automated decision-making technology (ADMT) and other subjects at a partially virtual meeting Thursday. CPPA Board members voted 5-0 to clear the rulemaking package, which also covers risk assessments, cybersecurity audits, insurance and updates to California Consumer Privacy Act (CCPA) regulations.
A consumer advocacy group that sponsored the California Delete Act offered a mostly positive assessment of the California Privacy Protection Agency’s latest draft of rules for implementing a data deletion mechanism. Concerns linger that data brokers may try to shirk the requirements, said Emory Roane, Privacy Rights Clearinghouse associate director of policy, in an email to Privacy Daily. However, the CPPA’s new draft answers key questions about ensuring the Delete Request and Opt-Out Platform (DROP) will work effectively when it opens to consumers Jan. 1 and data brokers on Aug. 1, 2026.
The California Privacy Protection Agency won't make further significant changes to proposed rules in a controversial rulemaking on automated decision-making technology (ADMT) and other subjects, according to a draft released Tuesday. Meanwhile, in a proceeding on creating a data-deletion mechanism, the agency proposed several clarifications on data broker responsibilities. The CPPA posted those and other materials ahead of Thursday’s scheduled board meeting (see 2507110055).