On March 29, 2023, the California Office of Administrative Law (the “OAL”) approved the first substantive set of California Privacy Rights Act (“CPRA”) regulations from the California Privacy Protection Agency (the “CPPA”), which we addressed in a previous blog. Those regulations went into effect immediately. As discussed in a recent episode of Ropes & Gray’s privacy podcast, The Data Day, the CPPA has also begun consideration of an additional set of regulations that would implement other CPRA requirements, issuing an Invitation for Preliminary Comments on Proposed Rulemaking Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking. Enforcement of the CPRA, including its implementing regulations, is scheduled to begin on July 1, 2023. However, on March 30, 2023—just one day after the OAL approved the CPPA’s regulations—the California Chamber of Commerce announced that it had filed suit in Sacramento Superior Court seeking to delay enforcement until 12 months after a final and complete set of regulations has been adopted.
Continue Reading California Finalizes Privacy Regulations: Enforcement Scheduled to Begin in July 2023