CPPA concludes first meetings on updated CPRA Regulations

Julie Rubash, Chief Privacy Counsel
October 31, 2022

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.


CPPA concludes first meetings on updated CPRA Regulations

The California Privacy Protection Agency held the first and second of three days of meetings to discuss its updated regulations under the California Privacy Rights Act.

The final day is scheduled for November 4.

This timeline is one week later than the originally-scheduled meetings, which were originally scheduled to take place October 21-22 and October 28-29.

In the meetings, the board approved the proposed modifications and directed Staff to prepare additional modifications for an additional 15-day comment period, including modifications to provisions on determining the “reasonable expectations of the consumer”, honoring opt-out preference signals, use of sensitive personal information, and giving the Agency discretion to consider the amount a time since the effective date of a requirement and a company’s “good faith efforts to comply” in enforcement of the regulations.


With these additional modifications, the soonest the final regulations will be ready is late January 2023.

Per the board, and since further modifications are likely forthcoming, it will likely be pushed back even further.

With the CPRA going into effect January 1, 2023, this pushes companies up against a wall for their compliance efforts, especially for any efforts that require significant development work.

The board’s modification to address “good faith efforts to comply” and the timeline for compliance are intended to provide companies some assurance regarding these delays, but these assurances only give the Agency “discretion” to consider these factors, which still puts companies in a position to have at least a “good faith” solution complete by January 1. 


Privacy Law Amendments Introduced in Australia Parliament

bill amending three Australian privacy laws was introduced and moved through first and second readings in the Australian Parliament.

The amendments would increase penalties for “serious or repeated interferences with privacy” and provide the Office of the Australian Information Commissioner with enhanced enforcement and information sharing powers.

The bill would also amend the extraterritorial jurisdiction of the Privacy Act to ensure foreign organizations that carry on a business in Australia must meet the obligations under the Act, even if they do not collect or hold Austrlalians’ information directly from a source in Australia.  


Australia’s Privacy Act currently sets out 13 Australian Privacy Principles, including requirements regarding collection and handling of personal information, required disclosures to individuals, direct marketing, cross-border disclosures, security, and user rights.

The Information Commissioner’s office currently has certain assessment powers under the Privacy Act, but this bill, if passed, would significantly strengthen their enforcement powers.

The bill would also make clear an issue of extra-territorial jurisdiction that has been the subject of an ongoing dispute between the Australian Information Commissioner’s Office and Facebook. 


Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Unlimited Data Export for Easier Privacy Audits and CMP Disclosures

July 12, 2024

Keeping track of all your tracking technology partners to...

What is Global Privacy Control? Frequently Asked Questions

July 9, 2024

How does Global Privacy Control work? How is it...

Comprehensive Privacy Laws Take Effect in Texas and Oregon

July 9, 2024

Now in effect: privacy laws in Texas, Oregon, and...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]