Comments to California Privacy Protection Agency on Preliminary CPRA Rulemaking

November 9, 2021 / Ridhi Shetty, Cody Venzke

CDT submitted comments to the California Privacy Protection Agency, in response to an invitation for comments on the Agency’s preliminary rulemaking pursuant to the California Privacy Rights Act of 2020 (CPRA). As the Agency initiates its CPRA rulemaking process, our comments call on the Agency to ensure that businesses are accountable to consumers by requiring covered entities to:

Provide access to information about automated or algorithmic decision-making systems,
Establish sufficient standards for deidentification and use restrictions,
Properly train designated staff with relevant expertise who are responsible for carrying out covered entities’ data practices, and
Establish additional safeguards and limitations for the use of sensitive personal information beyond opt-out.

Further, our comments urge the Agency to ensure that CPRA regulations do not have unintended consequences that may interfere with governmental entities’ control over their data held by their service providers.

Read the full comments there.

Related Reading

Samir Jain Testimony for House Committee. White document on black background.

CDT VP of Policy Samir Jain Testimony Before U.S. House Energy & Commerce Committee on “Legislative Solutions to Protect Kids Online and Ensure Americans’ Data Privacy Rights”

April 16, 2024

Deprecating third-party cookies: a small step towards a more private web

April 9, 2024

CDT brief, entitled "Unintended Consequences: Consumer Privacy Legislation and Schools." White and blue document on a grey background

Brief – Unintended Consequences: Consumer Privacy Legislation and Schools

April 4, 2024