November 27, 2022

Volume XII, Number 331


Update on the California Privacy Protection Agency: Still No Date Certain for the CPRA Regulations

On Friday, September 23, the California Privacy Protection Agency (CCPA) held a meeting about various CPPA administrative activities.

The Rulemaking Process Subcommittee presented on the “Course of Action for Current Rulemaking Process.” However, much to the dismay of observers, the subcommittee did not provide any timeline for finalization of the draft regulations issued by the CPPA pursuant to  §1798.185 of the amended California Consumer Privacy Act (CCPA).

CCPA requires that the CPPA issue the final version of the regulations by July 1, 2022. The draft regulations were issued seven days after that deadline, on July 8, 2022, and the public comment period closed on August 23, 2022.

CPPA Board meeting provided no helpful insight about timing for the final version of the regulations or whether the Board will (or will ask the California legislature to) delay the effective date (January 1, 2023) and/or the enforcement data (July 1, 2023). CCPA’s Executive Director Ashkan Soltani noted that he expects lots of “changes” to the draft regulations based on the voluminous comments received.  Executive Director Soltani also suggested that the CPPA Board provide some more definitive timing for the regulations issuance. One board member requested an agenda item for the next board meeting to discuss a public awareness campaign regarding the effect of delayed regulations and its impact on enforcement.

While Executive Director Soltani’s comments indicate that the draft regulations will change (and potentially significantly), no clear signal was provided about whether the CPPA will issue the regulations before the end of 2022. Businesses hoping for clarity will need to wait – hopefully not much longer – to finalize their CCPA program planning.

© Copyright 2022 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 273

About this Author

Julia B. Jacobson New York Cybersecurity Attorney Squire Patton Boggs

Julia B. Jacobson is a Partner in Squire Patton Boggs' Data Privacy, Cybersecurity & Digital Assets Practice. For over 20 years, a world-class roster of national and multinational clients has turned to Julia for practical and tactical advice and counsel on privacy and cybersecurity compliance strategies, data breach response, technology transactions and marketing initiatives.

A significant portion of Julia’s practice is devoted to advising clients on an array of privacy, cybersecurity, data breach and data governance matters. She assists...

Elizabeth A. Spencer Berthiaume Attorney Cybersecurity Squire Patton Boggs Dallas

Elizabeth Spencer Berthiaume is an associate in the Data Privacy, Cybersecurity & Digital Assets Practice. She focuses her practice on data privacy and protection, cybersecurity and data breach preparedness and response.