Get Full Government Meeting Transcripts, Videos, & Alerts Forever!
CPPA adopts automated‑decision and cybersecurity audit rules after contentious public comment
Summary
After years of drafting and more than 500 pages of recent comments, the CPPA board voted 5‑0 to adopt regulations governing automated decision‑making technology (ADMT), risk assessments, and phased cybersecurity audits. Labor and consumer groups told the board the package had been weakened; industry groups urged further narrowing and more time.
The California Privacy Protection Agency adopted a package of regulations on automated decision‑making technology (ADMT), risk assessments and cybersecurity audits at its July 24 meeting after an extended public comment period and vigorous debate.
The final package narrows some original proposals, including phasing cybersecurity audits by revenue level, removing a behavioral advertising threshold for ADMT obligations, and focusing ADMT requirements on use for "significant decisions." Agency staff said those and other revisions cut estimated direct business compliance costs from the initial projection of more than $10 billion to about $4.8 billion over 10 years and that aggregate net benefits rise substantially under updated modeling.
Board members praised the staff's lengthy drafting effort. "I support adopting these thoughtful, and I say balanced and privacy focused regulations today," Board…
Already have an account? Log in
Subscribe to keep reading
Unlock the rest of this article — and every article on Citizen Portal.
- Unlimited articles
- AI-powered breakdowns of topics, speakers, decisions, and budgets
- Instant alerts when your location has a new meeting
- Follow topics and more locations
- 1,000 AI Insights / month, plus AI Chat
