California Privacy Protection Agency

There's one week left to apply to be a Senior Legal Analyst in CPPA's Enforcement Division! In this role, you'll monitor and respond to consumer complaints and help develop and oversee the cutting-edge systems that monitor litigation at the nation's first privacy regulator. This role is a great opportunity, allowing you to make a real difference in the lives of Californians while offering great benefits and flexible telework opportunities for those located in the State of California. Apply by July 30: https://lnkd.in/gEHqJSfi 

Join our Enforcement team as a Senior Legal Analyst! You’ll have the opportunity to develop and oversee cutting-edge systems that monitor litigation and consumer privacy complaints at the country's first privacy regulatory agency.  In this role, you will: - Respond to consumer complaints;  - Streamline the document and case management system for Enforcement investigations; and  - Draft and analyze legal documents. Apply by July 16: https://lnkd.in/gEHqJSfi  

California Privacy Protection Agency’s Enforcement Division recently participated in a global privacy sweep that examined more than 1,000 websites and apps. The Global Privacy Enforcement Network (GPEN) sweep involved 26 privacy enforcement authorities from around the world who joined together to search for deceptive design patterns that made it difficult for users to make privacy-protective decisions.  We are encouraged by efforts to identify deceptive design, including dark patterns, that might violate CA-specific law. As the world’s fifth largest economy and a hub of technology and innovation, California plays an important role in privacy regulation, and CPPA regulations prohibit businesses from using dark patterns to obtain consumer consent. Read more about the CPPA’s collaboration with these international regulators:  https://lnkd.in/gT2BUwnc  

Today, the California Privacy Protection Agency (CPPA) began the official 45-day public comment period today for proposed regulations regarding Data Broker Registration.  As mandated by Senate Bill 362, also known as the Delete Act, CPPA is responsible for the administration and enforcement of the Data Broker Registry.  The proposed Data Broker Registration regulations: 1) Detail what is included in, and how to pay the registration fee;  (2) Define terms included in SB 362; and  (3) Clarify requirements for registration, updates to the registry, and website disclosures.   Those wishing to submit written comments on the proposed regulations may do so until August 20, 2024 at 5 pm PT. The Agency will also hold a public hearing to receive public comment on August 20, 2024. Find more information about the event and read more:  https://lnkd.in/gfn_M5e9

The CPPA Board will hold a public meeting on July 16, 2024. Information on how to attend the meeting, the meeting agenda, and initial meeting materials can be found at https://lnkd.in/gCBYT9SK. 

AB 3048 (Lowenthal) has advanced out of the California Senate Judiciary Committee, moving one step closer to becoming law. The bill, sponsored by the CPPA, requires browsers to offer opt-out preference signals (OOPS). OOPS are a simple and easy-to-use way for consumers to opt-out of the sale or sharing of their personal information in a single step, rather than making individual requests to hundreds or even thousands of businesses they interact with online. Businesses are required to honor these signals, but currently, most consumers don’t have easy access to them. If AB 3048 is passed and signed into law, California would become the first state to require browsers to support these signals, making it easier than ever for Californians to exercise their privacy rights.  

Today, the California Privacy Protection Agency sent a letter to U.S. House Energy & Commerce Committee Chair Cathy McMorris Rodgers and Ranking Member Frank J. Pallone, Jr., opposing H.R. 8818, The American Privacy Rights Act of 2024 (APRA). If passed, the legislation would replace California’s landmark consumer privacy law with weaker protections and would compromise CPPA’s ability to fulfill its mandate to protect the privacy of California consumers.    APRA seeks to preempt nearly every provision of the California Consumer Privacy Act, California Delete Act, and other important state privacy laws. “We urge Congress to support the groundbreaking work done by many states and pass legislation that sets a floor on privacy, but allows states to go further and continue to develop innovative protections that keeps pace with technology,” said Ashkan Soltani, Executive Director of the Privacy Agency. Learn more and read the full letter: https://lnkd.in/g-PT2gEM  

Ashkan Soltani, Executive Director of the California Privacy Protection Agency (CPPA) and Maurie-Laure Denis, Chairperson of the Commission Nationale de l'Informatique et des Libertés (CNIL-France) sign the declaration of cooperation in Paris, France, establishing a framework of collaboration between the regulatory authorities.  The first of its kind for the CPPA, the declaration allows CPPA and CNIL to facilitate joint research, share best practices, and convene meetings to address emerging data protection issues. “We’re excited about working  with the CNIL...and look forward to a productive exchange in the years to come,” said Executive Director Ashkan Soltani. The signing of this declaration marks the latest efforts to prioritize international collaboration as encouraged by Californian and French law. See the announcement here: https://lnkd.in/gCeA6Ytf

Today, the California Privacy Protection Agency and the CNIL - Commission Nationale de l'Informatique et des Libertés announced their collaboration to safeguard personal information and advance privacy in a global economy. This collaboration will serve as a framework for addressing new technologies and emerging data protection issues across borders. The framework includes facilitating joint research, sharing best practices, and convening periodic meetings to promote international collaboration as encouraged by California and French law. Read more: https://lnkd.in/gCeA6Ytf

Reminder: next week, we’re hosting a virtual preliminary stakeholder session on the Data Broker Delete Requests and Opt-out Platform (DROP), an accessible deletion mechanism that will allow consumers to request to delete their non-exempt personal information held by data brokers through a single request submitted to the Agency. The virtual session will take place on Wednesday, June 26 from 10 am-2 pm PDT.  While the Agency has not begun the official rulemaking process, this event is an opportunity to learn about and provide feedback on the accessible deletion mechanism. We invite the public to register to attend: https://lnkd.in/gg7CvE-E Additionally, the Agency invites interested parties to submit preliminary written comment on certain requirements for the accessible deletion mechanism and other public policy considerations by 5:00 p.m. PT on Tuesday, June 25, 2024:   https://lnkd.in/gbCPktHz