FPF Files Comments to Inform New California Privacy Rulemaking Process

Future of Privacy Forum (FPF) filed comments with the California Privacy Protection Agency to inform the Agency’s forthcoming rulemaking to implement the California Privacy Rights Act amendments to the California Consumer Privacy Act’s provisions on cybersecurity audits, risk assessments, and automated decisionmaking.

FPF’s comments are directed towards ensuring that individuals are able to effectively exercise new consumer rights under the CCPA while maximizing clarity for both individuals and businesses and promoting interoperability with emerging U.S. and global privacy frameworks.

Specifically, FPF recommended the Agency adopt regulations concerning automated decisionmaking and risk assessments that:

1. Govern automated decisionmaking systems that produce “legal or similarly significant effects”
2. Clarify how the California Consumer Privacy Act will apply to automated decisions and profiling subject to varying degrees of human oversight
3. Support meaningful access rights with respect to automated decisionmaking systems
4. Provide guidance that supports context-appropriate flexibility in developing and conducting data protection assessments
5. Are informed by existing best practices for data protection assessments