On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]
California Privacy Protection Agency (CPPA)
State Regulators Form Privacy Law Implementation and Enforcement Group
Eight state regulators have established a coalition called the Consortium of Privacy Regulators to collaborate on the implementation and enforcement of their privacy laws. According to announcements from the California Privacy Protection Agency (“CPPA”) and California Attorney General Rob Bonta, the Consortium aims to coordinate enforcement efforts, share priorities, and discuss developments in privacy law. […]
Key Takeaways from CPPA’s Recent Settlement with an Automotive Manufacturer for Alleged CCPA Violations
On March 12, 2025, the California Privacy Protection Agency (CPPA) published its decision approving a Stipulated Final Order (Order) against a major automotive manufacturer (company) for violations of the California Consumer Privacy Act (CCPA). The Order requires the company to pay a $632,500 fine and implement several changes to its data handling practices. These changes […]
State AGs Publish Guidance on How State Laws Apply to AI
On December 24, 2024 and January 13, 2025, the Oregon Attorney General’s Office and the California Attorney General’s Office published advisories (collectively, “Advisories”) explaining how existing statutes may be used to regulate, investigate and enforce against artificial intelligence (“AI”). These Advisories serve to remind AI developers, suppliers and users of heightened regulatory scrutiny of AI, […]
CPPA Opens Formal Public Comment Period for CCPA Proposed Regulations
On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) issued a Notice of Proposed Rulemaking and opened the formal comment period for its proposed regulations on updates to existing California Consumer Privacy Act (the “CCPA”) regulations, cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) and the applicability of the CCPA to insurance companies. […]