The CPPA board will meet at 9 a.m. Dec. 8, and attendees may participate via Zoom or by dialing in; specific instructions can be found on the CPPA website.
The meeting will begin with an update from the California Privacy Rights Act (CPRA) Rules Subcommittee and a staff presentation on draft rules for automated decision-making technology, risk assessments and cybersecurity. Other topics on the agenda include:
- An update on legislation and agency proposals;
- Discussion and possible adoption of a proposed regulation establishing a fee schedule for data brokers operating in California; and
- An update on CPPA’s engagement of other governmental entities and CPPA priorities.
Generally, automated decision-making involves gathering user data from website visitors, and offering users the option of opting out of that process. When a consumer doesn’t opt out, their data could be used to influence what they’re shown or the options they’re given on a website.
Automated decision-making relies on technology that automates the decision-making process. It differs from artificial intelligence, which is able to learn, predict and take independent actions.
As a prelude to formulating any new rules, CPPA solicited public comments last spring about the proposed rule changes. These comments are posted online.
The California Privacy Rights Act, which is posted online, addresses restrictions on data gathering, requirements for disclosure to consumers, and details about opting out of the data gathering. It also regulates the collection of data from minors; contracts for service providers’ collection and use of users’ data; and regulates how to handle users’ requests to correct or delete information that’s been gathered about them.