California Privacy Agency Releases Draft CPRA Rules

The California Privacy Protection Agency (the “Agency”) released on May 31, 2022 proposed regulations to the California Privacy Rights Act (“CPRA”) (the “Proposed Regulations”). The proposed regulations are written as comments to the California Attorney General’s Regulations for the California Consumer Privacy Act, California’s landmark privacy law, which was amended by the ACPL.

The proposed regulations address long-debated issues in US privacy law, such as the effectiveness of user preferences communicated via browser signals. Under the proposed regulations, targeted companies must respect such opt-out signals sent through browser settings as an effective communication of user preferences. Acceptable methods of opting-out communication are important because CPRA grants consumers the right to opt out of “sharing” personal information, to sell personal information, and to process sensitive personal information in certain contexts.

Other important provisions of the draft regulations include an extension of the consumer’s right to request and receive copies of information provided to covered businesses and further clarification of “dark models”. Previously, after a consumer request, companies were only required to provide copies of information received within the last 12 months. The proposed regulations require companies to provide all information collected after January 1, 2022. “Dark patterns” are defined as characteristics that have the effect of “subverting or significantly impairing autonomy, decision-making or the user’s choice, regardless of corporate intent. Dark patterns were already prohibited under the CPRA, and the proposed rule adds that obtaining consumer consent with the use of a dark pattern voids consumer consent.

The Agency is due to hold a public meeting on June 8, and the agenda lists the draft rules as a topic for discussion. The full text of the proposed regulations can be found here.

About Sandra A. Powell

Check Also

Data Security – The Growing Danger of Vishing Attacks – Data Protection

If you own a phone, you’ve probably received a suspicious call from an unknown number …