California Privacy Protection Agency

Here are a few fun facts about the CPPA that you can trot out at cocktail parties (depending on whether you hang out with privacy nerds).

It may appear as if The California Privacy Protection Agency has been in hibernation mode. But don’t let that fool you. The bear is awake and it’s got an appetite.

The next wave of privacy regulation revolves around data brokers. And while the term “data broker” may have a negative connotation, its legal definition is fairly straightforward.

Putting aside the bureaucracy of it all, what do ad tech companies need to know about the risk assessment rules being established by the California Privacy Protection Agency?

Sharing enough detail without being overwhelming is a difficult balance to strike, and there’s no perfect answer. But one thing is for certain: Privacy platitudes are for hacks or for those with something to hide.

California’s privacy protections are considered by most privacy pros to be the toughest and most comprehensive in the nation. But the California Privacy Protection Agency has a budget of just $10 million to regulate against the largest technology companies in the world.

Although there are important nuances between the different laws, businesses that have been working toward compliance with the California Consumer Privacy Act and California Privacy Rights Act are in a good position for complying with other state privacy statutes. But the CPRA has several unique provisions that make it a beast all its own.

The California Privacy Rights Act (CPRA), which takes effect on January 1, 2023, and replaces the current California Consumer Privacy Act (CCPA), throws a curveball to measurement and analytics practices. Gary Kibel, partner at Davis+Gilbert, explains how restrictions on combining data will impact measurement.

The US data privacy landscape is chaotic. The future of the recently proposed American Data Privacy and Protection Act is now decidedly up in the air, and states are passing their own privacy laws in the absence of a federal one, which makes compliance complicated. Federal agencies like the FTC are also trying to fill the data privacy rulemaking void.

In September, the California Privacy Protection Agency made a call for feedback on new and outstanding issues not addressed by existing implementation regulations for CCPA, and the comments are in. One of the most hotly debated issues had to do with consent interfaces.