The California Privacy Protection Agency has released a draft of its proposed regulations that would implement the California Consumer Privacy Act, but the draft only addresses a small number of the 22 different topics that the CPPA needs to address.
A copy of the draft of the regulations can be accessed by clicking here.
The CPPA has a board meeting scheduled for next week, at which point an updated timeline for the formal rulemaking process may be released. The CCPA is scheduled to go into effect on January 1, 2023.
Among the areas not covered in the first draft are how companies should handle the personal information or privacy requests of employees or individuals who interact with companies on a business-to-business level, and how companies should update their privacy policies about the retention of personal information.
The draft does detail how consumers should be allowed to make decisions regarding their privacy and data collected by companies, such as saying that any process must be “easy to understand” and prohibit using language that may be deemed to be manipulative. The proposed regulations would also change how consumers access and use websites subject to the law, such as offering opt-in and opt-out options to consumers regarding the use of cookies.
Voters in California approved the CCPA and the creation of the CPPA back in 2020. The law applies to any business that has annual gross revenue in excess of $25 million, buys, receives, or sells the personal information of 50,000 or more consumers, or earns more than half of its annual revenue from selling consumers’ personal information.