On July 16, the California Privacy Protection Agency (CPPA) held a public meeting of its Board (the Board). Four days before the meeting, the CPPA released revised draft rulemaking totaling several hundred pages—including a revised combined draft rulemaking package on risk assessment regulations, cybersecurity audit regulations, and automated decision-making technology (ADMT) regulations.
The meeting itself focused much more on ADMT and artificial intelligence concepts than previous meetings, but it nonetheless resulted in several important updates related to privacy. Below, we summarize several key takeaways from the July Board meeting that provide insight into future compliance considerations.