A California bill to set notification deadlines for data breaches passed the Senate unanimously on Thursday and could be headed to the governor’s desk soon. The Senate passed SB-446 on May 28 and it’s been sailing through the Assembly on consent agendas since then (see 2508200033). Meanwhile, state fiscal hawks advanced many privacy and AI bills, while holding back some others, at committee meetings Friday.
California Privacy Protection Agency (CPPA)
The California Privacy Protection Agency (CPPA) enforces California’s privacy laws and is setting the pace for state-level regulation as one of the first U.S. privacy regulators. The agency regularly issues detailed rulemaking on topics such automated decision-making, audits and risk assessments, with businesses watching closely due to CPPA enforcement and interpretation's outsized impact on national privacy expectations. This page tracks agency actions, final and draft regulations and compliance takeaways from CPPA activity.
California Gov. Gavin Newsom (D) appointed Jill Hamer to the California Privacy Protection Agency Board, the governor announced Tuesday. Hamer replaces Jeffrey Worthe, who was appointed to the California High Speed Rail Authority Board.
California legislators refined a proposed update to the California Delete Act on Tuesday. Now on third reading and awaiting a floor vote in the Assembly, SB-361 by Sen. Josh Becker (D) would require data brokers to disclose more types of personal information in their state registrations than they do now.
California privacy enforcers may soon be “counting clicks” to make sure it doesn’t take more steps for consumers to opt out than to opt in, warned privacy attorney Webb McArthur on a Hudson Cook webinar Tuesday.
California should maintain verification safeguards in its Delete Act rules, advertising groups said in comments to the California Privacy Protection Agency (CPPA) due Aug. 18 (see 2507310053).
One of the easiest requirements for enforcers to check for violations under new California Privacy Protection Agency (CPPA) rules is also simple for vigilant businesses to avoid, privacy lawyer David Stauss said during a Troutman webinar Thursday. As such, companies should immediately start displaying on websites that they are honoring universal opt-out preference signals, he said. Separately, Hintze privacy attorney Sam Castic warned that new risk assessment requirements go beyond rules in other states.
A California AI bill on algorithmic discrimination would drive costs for businesses, said more than 20 state and national associations for tech and other industries in a joint letter to the state’s Senate Appropriations Committee last week. One of the groups, the Software and Information Industry Association (SIIA), released the letter Tuesday.
It’s crunch time for the California legislature, with many privacy and AI bills nearing the finish line as lawmakers return from summer recess Monday. A few of the most potentially impactful measures for businesses cover universal opt-out preference signals, location privacy, automated decisions and so-called surveillance pricing, said privacy lawyers and consumer advocates in interviews with Privacy Daily this week.
Companies should pay particular attention to how California enforces contract requirements in the California Consumer Privacy Act, Greenberg Traurig attorney Darren Abernethy said Thursday during a TrustArc webinar.
California Privacy Protection Agency rules on automated decision-making technology (ADMT) and other subjects could receive Office of Administrative Law approval before the end of September.