California Privacy Protection Agency rules on automated decision-making technology (ADMT) and other subjects could receive Office of Administrative Law approval before the end of September.
California Privacy Protection Agency (CPPA)
The California Privacy Protection Agency (CPPA) enforces California’s privacy laws and is setting the pace for state-level regulation as one of the first U.S. privacy regulators. The agency regularly issues detailed rulemaking on topics such automated decision-making, audits and risk assessments, with businesses watching closely due to CPPA enforcement and interpretation's outsized impact on national privacy expectations. This page tracks agency actions, final and draft regulations and compliance takeaways from CPPA activity.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Companies can learn practical lessons from common themes in recent enforcement actions and implementing those takeaways can help them stay ahead of evolving privacy requirements, said Quarles lawyers in a blog post Monday.
The California Privacy Protection Agency (CPPA) filing a court petition to force Tractor Supply Co. to comply with an investigative subpoena Wednesday demonstrates its willingness to fight for privacy rights, consumer advocacy groups and other privacy professionals said.
The California Privacy Protection Agency revealed -- and raised the stakes in -- an investigation of Tractor Supply Company, filing a court petition Wednesday that alleges the retailer failed to comply with an investigative subpoena seeking information about its compliance with the California Consumer Privacy Act (CCPA).
The California Consumer Privacy Act (CCPA) is “like a big Lego block” to which state legislators “are constantly adding … Lego pieces,” said Tom Kemp, executive director of the California Privacy Protection Agency, during an IAPP webinar Tuesday. The California Privacy Rights Act, which amended the CCPA, prohibits reducing Californians’ privacy rights, he noted.
Businesses should map their automated decision-making technology (ADMT), review and revise privacy policies, plan for cybersecurity audits and review vendor contracts in response to California Privacy Protection Agency rules adopted July 24, some privacy law practices advised in recent client alerts. The rules are expected to be finalized without changes shortly.
Enforcers should ensure that registered data brokers improve their performance when consumers request information from them about their data, the Electronic Frontier Foundation (EFF) said in a blog post Monday. The California Consumer Privacy Act (CCPA) grants consumers the legal right to request access to, or deletion of, their data.
Facebook must confront a consumer protection lawsuit after the District of Columbia Court of Appeals revived it Thursday. A lower court applied the wrong legal standard when it dismissed the case in 2022, the appeals court said.
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.