The California Privacy Protection Agency (CPPA) recently released draft regulations for the California Privacy Rights Act (CPRA) (Draft Regulations). These Draft Regulations come roughly two months before the agency is required to adopt final regulations for the law (by July 31, 2022) and almost seven months before the CPRA is set to go into effect on January 1, 2023. The CPPA previously announced that the final regulations may be delayed until fall 2023, and it is unclear whether these new Draft Regulations will put them on track to meet the statutory deadline. The Draft Regulations will be subject to extensive public review and comment and will be discussed during the CPPA’s June 8 board meeting.
The Draft Regulations will provide businesses with a road map for CPRA compliance. The Draft Regulations use the already-effective California Consumer Privacy Act (CCPA) regulations as a starting point and implement edits mandated by the CPRA on top of the CCPA’s requirements. Businesses subject to the CCPA can use the same strategy and rely on their current CCPA compliance framework as a starting point for the CPRA.
In this WilmerHale client alert titled “California Privacy Protection Agency Releases Draft CPRA Regulations,” we share key highlights from the Draft Regulations and summarize the most notable points from each of the major sections of the Draft Regulations.