Monday, 23 December 2024

California Privacy Protection Agency- Recent Video Conference

On March 29 and March 30, 2022, the California Privacy Protection Agency (“CPPA”) held via video conference two public pre-rulemaking informational sessions regarding the California Privacy Rights Act (“CPRA”). During the sessions, members of the California Attorney General’s Office and various privacy and cybersecurity experts led discussions on topics such as the sale and sharing of personal information, dark patterns, data privacy impact assessments, cybersecurity audits, and automated decision-making. The CPPA Board has not at this time responded to the views expressed by the experts at the meetings.

Objectives

The goal of the first meeting on March 29 was to provide an overview of personal information and the CPRA. Among other highlights, Supervising Deputy Attorney General Stacey Schesser advocated for the retention of the current California Consumer Privacy Act regulations (“CCPA Regulations”) regarding user-enabled global privacy controls. The existing CCPA Regulations provide that businesses must treat user-enabled global privacy controls as a valid request to opt-out of the sale of personal information. Relatedly, Deputy Attorney General Lisa Kim posited that the CPRA’s right to opt-out of sharing for cross-context behavioral advertising applies to real-time bidding in advertising auctions and recommended that businesses give consumers the right to opt-out of these auctions.

The second meeting on March 30 focused on risk assessments and consumer rights concerning automated decision-making under the CPRA. UCLA Professor Safiya Noble highlighted the importance of addressing structural racism when developing rules and technologies related to automated decision-making. During a later presentation, Andrew Selbst, professor at UCLA School of Law, advocated for transparency in automated decision-making among developers, consumers, and regulators.

Future Proceedings

Under the CPRA and its forthcoming regulations, businesses will need to regularly submit to the CPPA a risk assessment regarding their processing of personal information. The assessment must consider whether the processing involves sensitive personal information, and must identify and weigh the risks and benefits of the processing to the business, the consumer, the public, and other stakeholders.

Direct Publication Source: https://www.huntonprivacyblog.com/2022/04/15/california-privacy-protection-agency-holds-informational-sessions-and-announces-stakeholder-meetings/

Comments


You May Like These Too


Get Latest Updates