Blog

CPPA concludes first meetings on updated CPRA Regulations

Julie Rubash, Chief Privacy Counsel
October 31, 2022

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

UNITED STATES


CPPA concludes first meetings on updated CPRA Regulations

The California Privacy Protection Agency held the first and second of three days of meetings to discuss its updated regulations under the California Privacy Rights Act.

The final day is scheduled for November 4.

This timeline is one week later than the originally-scheduled meetings, which were originally scheduled to take place October 21-22 and October 28-29.

In the meetings, the board approved the proposed modifications and directed Staff to prepare additional modifications for an additional 15-day comment period, including modifications to provisions on determining the “reasonable expectations of the consumer”, honoring opt-out preference signals, use of sensitive personal information, and giving the Agency discretion to consider the amount a time since the effective date of a requirement and a company’s “good faith efforts to comply” in enforcement of the regulations.

TAKEAWAY

With these additional modifications, the soonest the final regulations will be ready is late January 2023.

Per the board, and since further modifications are likely forthcoming, it will likely be pushed back even further.

With the CPRA going into effect January 1, 2023, this pushes companies up against a wall for their compliance efforts, especially for any efforts that require significant development work.

The board’s modification to address “good faith efforts to comply” and the timeline for compliance are intended to provide companies some assurance regarding these delays, but these assurances only give the Agency “discretion” to consider these factors, which still puts companies in a position to have at least a “good faith” solution complete by January 1. 

GLOBAL

Privacy Law Amendments Introduced in Australia Parliament

bill amending three Australian privacy laws was introduced and moved through first and second readings in the Australian Parliament.

The amendments would increase penalties for “serious or repeated interferences with privacy” and provide the Office of the Australian Information Commissioner with enhanced enforcement and information sharing powers.

The bill would also amend the extraterritorial jurisdiction of the Privacy Act to ensure foreign organizations that carry on a business in Australia must meet the obligations under the Act, even if they do not collect or hold Austrlalians’ information directly from a source in Australia.  

TAKEAWAY

Australia’s Privacy Act currently sets out 13 Australian Privacy Principles, including requirements regarding collection and handling of personal information, required disclosures to individuals, direct marketing, cross-border disclosures, security, and user rights.

The Information Commissioner’s office currently has certain assessment powers under the Privacy Act, but this bill, if passed, would significantly strengthen their enforcement powers.

The bill would also make clear an issue of extra-territorial jurisdiction that has been the subject of an ongoing dispute between the Australian Information Commissioner’s Office and Facebook. 

 

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

FTC rulemaking and CPRA comment periods close

November 28, 2022

Comments from the News/Media Alliance requested that any FTC...

Google settles in multi-state location tracking suit

November 21, 2022

Google settled a multistate privacy lawsuit with 40 state Attorneys General based...

Colorado Posts Public Comments to CPA Draft Rules

November 14, 2022

The Data Protection and Digital Information Bill, which was...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]