On September 9, 2025, the California Privacy Protection Agency (CPPA) announced a joint investigation sweep targeting businesses that may be failing to honor consumers’ opt-out requests submitted via Global Privacy Control (GPC) signals, in coordination with the Attorneys General of California, Colorado, and Connecticut. The CPPA’s announcement underscores a growing trend of multi-jurisdictional collaboration among […]
California
CPPA Board Votes to Adopt CCPA Regulations; Open DROP Rules to Public Comment
On July 24, 2025, the California Privacy Protection Agency (“CPPA”) Board voted to adopt draft regulations under the California Consumer Privacy Act (“CCPA”) concerning cybersecurity audits, risk assessments, automated decisionmaking technologies, and the CCPA’s application to insurance companies. The approved regulations also include certain updates to the existing CCPA regulations. The CPPA will now submit […]
CPPA Board to Discuss Draft CCPA Regulations, DROP Requirements
The California Privacy Protection Agency (“CPPA”) Board will meet on Thursday, July 24 to discuss the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), the CCPA’s application to insurance companies, and updates to the existing CCPA regulations. Ahead of the meeting, the CPPA re-issued the draft regulations […]
CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period
On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]
Ninth Circuit Addresses Personal Jurisdiction Based on E-Commerce Data Collection in En Banc Decision
A recent decision by the Ninth Circuit Court of Appeals in Briskin v. Shopify, Inc., No. 22-15815, could impact the scope of personal jurisdiction over e-commerce and other entities that utilize cookies to collect personal information from visitors to the entities’ websites, particularly in California. Although the impact of the case remains to be seen, […]