In its latest proposal on risk assessment requirements, the California Privacy Protection Agency (CPPA) appears to try to seal up potential constitutional holes that took down California’s age-appropriate design code (AADC) law, Squire Patton attorney Alan Friel said in an interview last week. Ahead of a June 2 deadline to file comments (see 2505020034), privacy lawyers at many firms are combing through the latest tweaks in a highly watched rulemaking on automated decision-making technology (ADMT), changes to the California Consumer Privacy Act (CCPA) and other topics.
While the U.S. House this week moved ahead with a plan for a 10-year moratorium on AI laws, the Connecticut Senate supported a bill that would establish AI requirements. However, in the first state to enact an AI law, Colorado Gov. Jared Polis (D) supported federal preemption.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.
Making it easier to exercise privacy rights is a key priority for California Privacy Protection Agency Executive Director Tom Kemp, he blogged Thursday.
Days after an enforcement action against menswear retailer Todd Snyder, the California Privacy Protection Agency said its board ordered National Public Data to pay a $46,000 fine, the maximum allowed. The now-closed data broker failed to register as a data broker and pay an annual fee, as the California Delete Act requires, the CPPA said Thursday.
The California Privacy Protection Agency (CPPA) dressed down national menswear retailer Todd Snyder with a $345,178 fine Tuesday for alleged violations of the California Consumer Privacy Act (CCPA).
The California Privacy Protection Agency (CPPA) dressed down national menswear retailer Todd Snyder with a $345,178 fine Tuesday for alleged violations of the California Consumer Privacy Act (CCPA). Closely following CPPA action last March against Honda, the Todd Snyder case is more than an enforcement action. It also “highlights a trend by this agency of looking beyond surface compliance with the CCPA,” Wiley privacy attorney Joan Stewart told us. The agency’s board adopted the enforcement decision May 1.
Comments are due June 2 on revised draft rules for the California Privacy Protection Agency’s rulemaking on automated decision-making technology (ADMT), risk assessments, cybersecurity, insurance and other rule changes, the CPPA decided Thursday.
The CPPA is pushing ahead with a rulemaking to implement a mechanism where consumers can request to delete their personal data, Executive Director Tom Kemp told the CPPA board at a livestreamed Thursday meeting. The agency announced last week that comments in the proceeding are due June 10 and there will also be a hearing that day (see 2504250012).
California Privacy Protection Agency Chairperson Jennifer Urban raised concerns Thursday about the extent of recent changes to draft rules on automated decision-making technology (ADMT), cybersecurity and other issues. “We’ve really cut to the bone, in terms of what is in line with the statute's requirements for the regulations we need to do, and in terms of the relative value to businesses and the relative value to the people … whose personal information is at stake,” she said at a livestreamed CPPA board meeting Thursday. Staff said the new draft reduced potential business costs in the first year by nearly two-thirds.