California Consumer Privacy Act (CCPA)

Key Takeaways from CPPA’s Recent Settlement with an Automotive Manufacturer for Alleged CCPA Violations

March 19, 2025 By Maki DePalo and Hyun Jai Oh

On March 12, 2025, the California Privacy Protection Agency (CPPA) published its decision approving a Stipulated Final Order (Order) against a major automotive manufacturer (company) for violations of the California Consumer Privacy Act (CCPA). The Order requires the company to pay a $632,500 fine and implement several changes to its data handling practices. These changes […]

California Attorney General Targets Location Data in New Investigative Sweep

March 12, 2025 By David Keating and Hyun Jai Oh

This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months. The […]

State AGs Publish Guidance on How State Laws Apply to AI

February 3, 2025 By Daniel Felz, Jennifer Everett, Alex Brown and Dorian Simmons

On December 24, 2024 and January 13, 2025, the Oregon Attorney General’s Office and the California Attorney General’s Office published advisories (collectively, “Advisories”) explaining how existing statutes may be used to regulate, investigate and enforce against artificial intelligence (“AI”). These Advisories serve to remind AI developers, suppliers and users of heightened regulatory scrutiny of AI, […]

CPPA Opens Formal Public Comment Period for CCPA Proposed Regulations

December 2, 2024 By Dorian Simmons and Yin Tydir

On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) issued a Notice of Proposed Rulemaking and opened the formal comment period for its proposed regulations on updates to existing California Consumer Privacy Act (the “CCPA”) regulations, cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) and the applicability of the CCPA to insurance companies. […]

CPPA Board Advances CCPA Regulations to Formal Rulemaking; Adopts New Data Broker Regulations

November 15, 2024 By David Keating, Dorian Simmons and Yin Tydir

On November 8, 2024, the California Privacy Protection Agency (the “CPPA”) Board advanced to formal rulemaking the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) and insurance. The CPPA Board also adopted the California Delete Act proposed regulations, which clarify data broker registration requirements and provide definitions […]