Summary
The California Privacy Protection Agency (CPPA) has approved significantly revised regulations regarding automated decision-making tools, cybersecurity audits, and privacy risk assessments. Following a lengthy public comment period, these regulations have been condensed, with key terms stripped back and a clearer focus established. The Board will allow further public comment until June 2 before moving to finalise the regulations.
Key Points
- Removal of references to “behavioural advertising” and “artificial intelligence” from the regulations.
- Streamlined definitions for Automated Decision-Making Technologies (ADMT), focusing only on significant, replacement-level decisions.
- Revisions aimed at reducing the scope of risk assessments and cybersecurity audits based on business size.
- Comments from the public on the new regulatory framework are open until June 2.
- Final regulations may be adopted as early as July, pending the next review period.
Why should I read this?
This article breaks down the latest regulations coming out of California, which have significant implications for businesses and how they handle privacy-related issues. If you’re involved in compliance, data protection, or simply want to stay ahead of the curve in the evolving landscape of privacy regulations, this is a must-read. We’ve gone through the details so you don’t have to!
Source: California Privacy Regulator Approves Trimmed-Down Regulations – Lexology
