During its September 23, 2022 board meeting, the California Privacy Protection Agency (CPPA) provided an update on the status of the ongoing California Privacy Rights Act (CPRA) rulemaking.  Since the closure of the required 45-day comment period, the agency staff have been reviewing the written and oral comments submitted by the public.  The agency will be promulgating revised regulations, which will be drafted by the staff and presented to the Board.  These revisions will be followed by an additional public comment period of 15 to 45 days depending on the scope of the revisions.

The CPPA Rulemaking Process Subcommittee also proposed a process for the Board’s review of and vote on the rules, including separate presentations by staff on (1) provisions that are part of a consent agenda (which would group non-controversial revisions to the draft rules) and (2) provisions outside of the consent agenda.  Deliberation and a vote would follow each presentation, with the assumption that only the provisions outside the consent agenda would require individual debate.  The Subcommittee suggested that deliberations may require multiple public Board meetings over several days, perhaps with breaks for staff to work on revisions or Board members to review resources.  While Board members would have the authority to draft and propose specific amendments, the Subcommittee recommended that Board members rely on staff for drafting assistance.  The proposed process prompted substantial discussion among the Board members.  Board members raised concerns including: the time commitment and burden for the Board, public, and staff; compliance with the notice requirements of the Bagley-Keene Open Meeting Act; and the role of staff, as compared to the Board.  The timing of the proposed meetings also remained unclear at the conclusion of the Board meeting, and one Board member suggested that the impact of the delayed regulations on enforcement should be docketed for discussion in a future Board meeting.

Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Photo of Sarah Parker Sarah Parker

Sarah Parker is an associate in the firm’s Washington Office. Her practice focuses on privacy, advertising, and consumer protection regulatory matters and government investigations.

Sarah also maintains an active pro bono practice, with a focus on criminal justice and civil rights litigation