The California Privacy Protection Agency (CPPA) has unveiled revamped draft regulations addressing automated decision-making technology (ADMT), risk assessments, and cybersecurity audits. This round of updates is open for public comment until June 2, 2025, signalling a flexible approach to stakeholder input and reducing burdensome regulations for businesses. Below are key insights into what’s changing and what that means for compliance.
Key Points
- Draft regulations now focus on systems that “substantially replace” human decision-making, narrowing scope significantly.
- Consumers’ rights to opt out of certain automated decision-making practices have been curtailed, aligning with other state laws.
- Businesses can now streamline pre-use notices, combining them with existing CCPA notices.
- Cybersecurity audit requirements have been simplified to reduce the compliance burden on businesses.
- Risk assessment obligations have been eased, allowing for greater flexibility in existing processes.
Why should I read this?
If you’re in the business of data and AI, this revised draft is a must-read! The CPPA’s efforts to relax obligations means less hassle for compliance while keeping the focus where it belongs. Now’s your chance to weigh in as a stakeholder and shape how these regulations evolve. No more need to wade through complicated red tape!