California Privacy Protection Agency opens formal comment period on revised proposed regulations
The California Privacy Protection Agency (CPPA) opened the formal comment period on a revised draft of the automated decision-making, cybersecurity audit, and risk assessment regulations, along with updates to the existing general CCPA regulations.
This second round of formal comments will extend until June 2, 2025. The 45-day comment period represents a recognition that the revisions from the previous draft regulations and initial comment period back in November are significant enough to warrant a full comment period instead of the relatively shortened 15-day comment period permitted for more minor changes. The opening of the new public comment period also comes on the heels of a few public hearings that questioned the breadth of the original draft regulations, and subsequent revisions to the proposed regulations to reduce their impact on businesses.
The Foley Privacy and Cybersecurity team will be publishing additional overview and guidance on the proposed regulations as they progress. Please contact any partner or senior counsel on Foley’s Privacy and Cybersecurity team for more information about the impact of these proposed regulations on your business.
SACRAMENTO, CA — The California Privacy Protection Agency (CPPA) today opened the formal public comment period on the modifications to the Agency’s proposed regulations for California Consumer Privacy Act (CCPA) updates, cybersecurity audits, risk assessments, Automated Decisionmaking Technology (ADMT), and insurance companies. Public comments will be accepted until June 2, 2025, at 5 p.m. Pacific time.
View referenced article
The proposed regulations were modified through a unanimous vote during the CPPA’s May 1 Board Meeting. This new comment period allows the public to submit formal comments addressing the changes to the proposed text and the additional materials relied upon.
