The CPPA was established under the California Privacy Rights Act (CPRA), which was passed through a ballot initiative in 2020 and will implement significant changes to the California Consumer Privacy Act (along with any implementing regulations, CCPA) on January 1, 2023. A summary of the CPRA’s changes can be found in our previous post, CPRA Rivals GDPR’s Privacy Protections and Emphasizes Consumer Choice. The CPPA is tasked with enforcing the CCPA, providing guidance and establishing regulations to further implement the CCPA’s provisions.
The meeting yielded preliminary updates on the CPPA’s duties, general operations, budget, staffing and implementation of the CPRA. During his address, Director Soltani stated that, “The agency’s rulemaking authority takes effect in April. When we have information gathered through preliminary work, we can expect formal proceedings for a formal rulemaking package in Q2.” Director Soltani also stated that, “Formal proceedings, including public hearings, will continue into Q3 with rulemaking being completed in Q3 or Q4. While this puts us somewhat past the July 1 rulemaking schedule in the statute, it allows us to balance staffing of the agency while undertaking substantial information gathering to support our rules.” Based on these statements, it appears that the Regulations will not be released in time to meet the CPRA’s July 1, 2022, deadline.
Despite the delay, businesses should continue to evaluate their CPRA compliance needs ahead of the January 1, 2023, implementation date. We will continue to monitor and provide updates on significant developments in the CPPA’s rulemaking process.
If you have any questions, please contact a member of the Akin Gump cybersecurity, privacy and data protection team.