The California Privacy Protection Agency won't make further significant changes to proposed rules in a controversial rulemaking on automated decision-making technology (ADMT) and other subjects, according to a draft released Tuesday. Meanwhile, in a proceeding on creating a data-deletion mechanism, the agency proposed several clarifications on data broker responsibilities. The CPPA posted those and other materials ahead of Thursday’s scheduled board meeting (see 2507110055).
The California Privacy Protection Agency Board might act later this month on pending proceedings related to automated decision-making technology (ADMT) and establishing a data deletion mechanism.
Senate Commerce Committee Democrats on Monday circulated updated text proposed by Chairman Ted Cruz, R-Texas, for an AI regulation moratorium (see 2506170054). The Senate Parliamentarian on Saturday approved the text under the Byrd rule, officially attaching the proposal to the budget reconciliation package.
California Privacy Protection Agency draft rules for making a data deletion mechanism required by the state’s Delete Act exceed the law’s scope and one requirement may be unconstitutional, the Software & Information Industry Association (SIIA) said in comments at the CPPA.
The California Assembly on Thursday approved a bill that would require web browsers to include a setting that consumers could activate to automatically opt out of the sale or sharing of their personal data and limit the use of their sensitive personal information. AB-566 passed on a 53-1 vote and now heads to the Senate.
As the California Privacy Protection Agency ramps up enforcement, it will “telegraph” how it plans to enforce the state’s privacy law and will act in ways that aren’t far from what other states would do, CPPA Executive Director Tom Kemp said in a wide-ranging interview Wednesday with Privacy Daily. In addition, Kemp panned Congress’ proposed 10-year moratorium on state AI regulation while saying the agency is being careful about what aspects of AI may come under its jurisdiction.
A California bill requiring support for universal opt-out signals would no longer apply to mobile operating systems (MOS) under an amendment to AB-566 that the Assembly adopted on Monday. Assemblymember Josh Lowenthal's (D) legislation awaits an Assembly floor vote. It cleared the Appropriations Committee last month (see 2505230062).
Consumer and labor groups condemned May 9 revisions to California Privacy Protection Agency (CPPA) draft rules on automated decision-making technology (ADMT) and other California Consumer Privacy Act (CCPA) issues. The changes “represent significant concessions by the Agency and its board to a campaign of industry pressure,” civil society groups said in comments at the agency this week.
With few public details about states' privacy consortium, lawyers are questioning what the group's formation means for enforcement and fines in the future. April's announcement could be another sign that enforcement is increasing -- and more reason for companies to bolster compliance efforts, said multiple attorneys who work in privacy or commonly defend businesses facing state investigations.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.