Cloud Hosting

On July 8, 2022, the California Privacy Protection Agency (the CPPA) officially began the formal rulemaking process for the California Privacy Rights Act (CPRA).The CPPA identified three primary goals for the rulemaking:

The CPPA already released an initial draft of the proposed amendments to the CCPA regulations back in May, which addressed some, but not all, of the rulemaking topics in the CPRA. This round of regulations, excluded discussion of restrictions for automated decision-making, cybersecurity audits, and data protection risk assessments.The announcement of the initiation of the rulemaking process, did, however, include an Initial Statement of Reasons, which explains the CPPAs rationale behind each of the changes.

These proposed amendments are now open for public comment. Written comments must be submitted by August 23rd. Given that several of the proposed amendments arguably go beyond the text of the CPRA, we expect comments will focus on questions of regulatory overreach and will set the stage for potential litigation. That said, these draft regulations provide useful insights into how the CPPA will interpret the CPRA and provides companies a helpful compliance steer six months before the law goes into effect.

Here are the key highlights from the proposed regulations:

Businesses must comply with the regulations by January 1, 2023. Given the differences between the draft CPRA regulations and existing CCPA regulations, businesses should begin preparing to update their current privacy policies and procedures to be in compliance by January 1, 2023.

[View source.]

Here is the original post:
Here we go again: The CPPA kicks off the formal rulemaking for the CPRA - JD Supra