Blog

CPPA Publishes Proposed Deletion Mechanism / Draft Regulations

Julie Rubash, General Counsel and Chief Privacy Officer
September 30, 2024
CPPA Publishes Proposed Deletion Mechanism / Draft Regulations

UNITED STATES

CPPA Publishes Proposed Deletion Mechanism / Draft Regulations

Ahead of the October 4 board meeting, the California Privacy Protection Agency published for discussion: (1) a presentation detailing a proposed Delete Request and Opt-Out Platform (DROP); (2) data broker registration draft text; (3) updated proposed regulations governing risk assessments and automated decision-making (ADMT), among other matters; and (4) a list of potential future rulemaking topics.

Cover memos accompanying the materials included recommendations that the proposed risk assessment and ADMT regulations, which contain minimal updates from the latest July version, be advanced to formal rulemaking and that the data broker registration text, which has already gone through formal rulemaking, be adopted for codification before the upcoming January 1, 2025 registration cycle. The DROP presentation is not accompanied by draft regulations or explanatory materials. 

TAKEAWAY

The proposed DROP system, which the CPPA is required to make available to consumers by January 1, 2026 pursuant to the Delete Act, would allow consumers to submit deletion requests to individual or ALL registered data brokers through a central mechanism maintained by the CPPA. Consumers would be required to submit at least their email address and could optionally submit additional identifiers, such as their name, phone number, address, DOB and pseudonymous identifiers like MAIDs. Data brokers would query relevant lists (email, phone, MAID) via API every 45 days, process relevant requests and provide an update to the CPPA.


Some notable topics in the “potential future rulemaking” list include requiring specific disclosures for mobile apps to be accessible in the app store prior to downloading, requiring the notice to opt-out of sale/sharing within mobile apps prior to or upon their use, and providing model notices and other disclosures.

EUROPE

CNIL Publishes Final Recommendations for Mobile Apps

The French Data Protection Authority (CNIL) published the final version of its recommendations for mobile app privacy following a public consultation. The recommendations were accompanied by a statement that, starting early Spring 2025, the CNIL will begin monitoring mobile applications to ensure compliance with the rules.

TAKEAWAY

Of note, the recommendations stress that the publisher must ensure that the rights of individuals are respected “even when their practical implementation depends on a third party” and recommends providing users with a rights management center within the application where all rights can be exercised. The recommendations also emphasize that the use of a CMP, in addition to OS-provided permissions, may be necessary where the OS permissions don’t meet the requirements set by the GDPR (e.g., where certain purposes or controllers are not covered by the permission or where withdrawing consent is not as easy as giving it) but cautions that, where choices expressed in the permissions and the CMP differ for the same purpose, consent cannot be considered validly given.

Check out our CMP solution for mobile apps. Capture and syndicate user preferences to comply with privacy regulations like GDPR and various U.S. state privacy laws, and industry frameworks like the IAB’sTCF with Sourcepoint’s CMP for mobile apps.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

New Privacy Requirements Took Effect October 1 In Three States

October 7, 2024

New Privacy Requirements Took Effect In Montana, Maryland &...

[WEBINAR] Consent is not enough: Protecting against new U.S. privacy litigation risks

October 2, 2024

Join Sourcepoint and privacy litigation expert Matthew Pearson, Partner...

How Haymarket Uses Sourcepoint to Manage Vendor Compliance

October 1, 2024

Haymarket sought to elevate their level of compliance by...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]