Proposed regs on California Privacy Protection advance to next stage

Proposed regulations have been submitted for review.

On February 3, the Board of the California Privacy Protection Agency held its latest public meeting, focused on the anticipated regulations interpreting the California Consumer Privacy Act, as now amended by the California Privacy Rights Act.

The Agency unanimously approved submission of the current set of proposed regulations (available here), which provide clarity on opt-out preference signals, the right to limit the use of sensitive personal information, and new contractual provisions that businesses must include in contracts with service providers that process personal information of California consumers. As planned, the Agency submitted the proposed rules to the California Office of Administrative Law on February 14. The OAL has 30 business days to review and consider approval of the proposed regulations.

In its February 3 meeting, the Agency also unanimously voted to open a public comment period on proposed rulemaking in other areas, including cybersecurity audits, risk assessments, and automated decision-making. The Agency’s invitation for public input (available here) lists key questions for which the Agency is seeking information. Interested parties have until March 27 to submit comments. 

The CPRA’s amendments to the CCPA took effect January 1. While the Agency’s rulemaking process continues to unfold, businesses should not wait for final regulations to begin compliance efforts. This was reinforced by a press release issued on January 27 by the California Attorney General. The press release announced an “investigative sweep” of popular apps in the retail, travel, and food service industries that allegedly fail to comply with consumer opt-out requests or offer mechanisms for consumers to opt out of the sale of their data.  

The Constangy Cybersecurity & Data Privacy team assists businesses of all sizes and industries with implementing necessary updates to their privacy and compliance programs to address these complex and evolving regulatory requirements. If you would like additional information on how to prepare your organization, contact us directly at

  • John  Babione

    John is a member of the Constangy Cyber Team. He provides compliance advisory services to clients by proactively navigating the legal landscape of data privacy and security. John advises clients on a wide range of state, federal, and ...

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 


* indicates required
Back to Page