Blog

CPPA concludes first meetings on updated CPRA Regulations

Julie Rubash, Chief Privacy Counsel
October 31, 2022

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

UNITED STATES


CPPA concludes first meetings on updated CPRA Regulations

The California Privacy Protection Agency held the first and second of three days of meetings to discuss its updated regulations under the California Privacy Rights Act.

The final day is scheduled for November 4.

This timeline is one week later than the originally-scheduled meetings, which were originally scheduled to take place October 21-22 and October 28-29.

In the meetings, the board approved the proposed modifications and directed Staff to prepare additional modifications for an additional 15-day comment period, including modifications to provisions on determining the “reasonable expectations of the consumer”, honoring opt-out preference signals, use of sensitive personal information, and giving the Agency discretion to consider the amount a time since the effective date of a requirement and a company’s “good faith efforts to comply” in enforcement of the regulations.

TAKEAWAY

With these additional modifications, the soonest the final regulations will be ready is late January 2023.

Per the board, and since further modifications are likely forthcoming, it will likely be pushed back even further.

With the CPRA going into effect January 1, 2023, this pushes companies up against a wall for their compliance efforts, especially for any efforts that require significant development work.

The board’s modification to address “good faith efforts to comply” and the timeline for compliance are intended to provide companies some assurance regarding these delays, but these assurances only give the Agency “discretion” to consider these factors, which still puts companies in a position to have at least a “good faith” solution complete by January 1. 

GLOBAL

Privacy Law Amendments Introduced in Australia Parliament

bill amending three Australian privacy laws was introduced and moved through first and second readings in the Australian Parliament.

The amendments would increase penalties for “serious or repeated interferences with privacy” and provide the Office of the Australian Information Commissioner with enhanced enforcement and information sharing powers.

The bill would also amend the extraterritorial jurisdiction of the Privacy Act to ensure foreign organizations that carry on a business in Australia must meet the obligations under the Act, even if they do not collect or hold Austrlalians’ information directly from a source in Australia.  

TAKEAWAY

Australia’s Privacy Act currently sets out 13 Australian Privacy Principles, including requirements regarding collection and handling of personal information, required disclosures to individuals, direct marketing, cross-border disclosures, security, and user rights.

The Information Commissioner’s office currently has certain assessment powers under the Privacy Act, but this bill, if passed, would significantly strengthen their enforcement powers.

The bill would also make clear an issue of extra-territorial jurisdiction that has been the subject of an ongoing dispute between the Australian Information Commissioner’s Office and Facebook. 

 

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

HHS clarifies application of HIPAA to online tracking technologies

March 26, 2024

New guidance from HHS suggests that under some conditions, using...

Sourcepoint Partners with Freestar to Provide Access to Portfolio of Leading Privacy Solutions

March 25, 2024

Sourcepoint partners with Freestar to offer top privacy solutions,...

[WEBINAR] The Evolution of “Consent or Pay”: Legal Insights and Best Practices

March 14, 2024

Explore the intricate landscape of Consent or Pay models...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]