The new California Privacy Protection Agency ("CPPA") has made two recent notable announcements. On  September 22, 2021, CPPA issued an Invitation for Preliminary Comments on Proposed Rulemaking Under the  California Privacy Rights Act of 2020 ("CPRA"). CPPA was created after California voters passed the CPRA in  November 2020, and Governor Newsom appointed its inaugural board in March 2021. Under CPRA, the new  agency, the first devoted specifically to privacy in the US, must adopt regulations implementing CPRA by July 1,  2022. To that end, CPPA has invited the public to comment broadly on any area in which CPPA has authority to  adopt rules. The agency is "particularly interested" in receiving public comments on specified topics, including:

  • Processing activities that present significant risk to consumers' privacy or security;
  • Cybersecurity audits and risk assessments performed by businesses;
  • Automated decision making;
  • Audits performed by the CPPA;
  • Consumers' rights to delete, correct and know their personal information;
  • Consumers' rights to opt out of the selling or sharing of their personal information;
  • Consumers' rights to limit the use and disclosure of their sensitive personal information;
  • Information to be provided in response to a consumer request to know (specific pieces of information); and
  • Definitions of certain terms and categories of information covered by the CCPA/CPRA (including the categories of "personal information" and "sensitive personal information" specified in the law and the  definition of "dark patterns").

The deadline to submit comments is November 8, 2021.

Second, on October 4, 2021, CPPA announced its appointment of Ashkan Soltani as its first Executive Director.  Soltani will lead the new agency as it steps into a rulemaking and enforcement role under the CPRA. A long-time  privacy and security advocate, Soltani played a significant role in drafting both the California Consumer Privacy  Act of 2018 and the CPRA. He has also advocated for and worked on the Global Privacy Control specification  intended to automatically communicate consumers' privacy preferences to businesses with whom they interact.  Prior to his appointment as Executive Director of CPPA, Soltani was a Distinguished Fellow at the Georgetown  University Law School Institute for Technology Law & Policy and the Center for Privacy and Technology. He  previously served as a chief technologist for the Federal Trade Commission and as a senior advisor to the White  House Office of Science and Technology Policy. At the FTC, Mr. Soltani helped create the Office of Technology  Research and Investigation. His work at CPPA will include building the new Agency's team, and completing  CPRA rulemaking by the law's deadline.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.