On April 4, 2025, the California Privacy Protection Agency (CPPA) Board met to discuss the latest draft California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, risk assessments, automated decision-making technology (ADMT), and an assortment of other updates to existing regulations. These revisions come after the CPPA first released draft regulations on these topics in July 2024 and initiated the formal rulemaking in November 2024, as analyzed in a prior alert. The board meeting turned out to be quite contentious, with board member Alastair Mactaggart emphasizing some of the serious concerns raised in the unusually large volume of public comments—totaling 630 comments and 1,664 pages of feedback—expressing his own concerns that those comments lay out “the very explicit blueprints” for others to challenge the constitutionality of the draft regulations. Ultimately, the Board provided extensive feedback on the draft regulations to CPPA staff, going beyond the issues that staff had prepared for discussion.
Latest Post
More Posts
Lessons from the CPPA’s $632,500 Settlement with Connected Vehicle Manufacturer
CPPA Votes Out Proposed Delete Request and Opt-Out Platform (DROP) Data Broker Regulations
Draft California AI Regulations Become One Step Closer to Reality: An Analysis of Requirements on the Horizon
California Enacts One-Stop Mechanism for Data Broker Deletion Requests
CPPA Posts Draft Rules on Cybersecurity Audits and Risk Assessments
Texas, Oregon, and Delaware Join the Comprehensive U.S. State Privacy Law Landscape
Sacramento Superior Court Delays Enforcement of CPRA Implementing Regulations
Are You Ready for the 3Cs?: California, Colorado, and Connecticut’s New Privacy Laws Become Enforceable July 1, 2023
FTC Announces Proposed Settlement with Premom Fertility Tracking App for Privacy Practices
Subscribe: Subscribe via RSS
Blogs
Firm/Org