California Privacy

Subscribe to California Privacy via RSS

In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely “any form of automated processing of personal information” to analyze or predict people’s work performance, health, and personal preferences, among other things.Continue Reading California’s Privacy Regulator Had a Busy November, Automated Decisionmaking Edition: What Does It Mean for Businesses?

The California Privacy Protection Agency released proposed CCPA rules for a variety of topics in November, as well as announcing an investigative sweep for compliance with the Delete Act. Topics include the following, which we cover in this week’s California-focused blog posts:Continue Reading California’s Privacy Regulator Had a Busy November: What Does It Mean for Businesses?

The dust is beginning to settle from the raft of AI-related bills Governor Newsom signed last month in California. (See for example, our post about neural data.) Most of the provisions will not go into effect for another few months. Before they do, it is worth examining the impact they will have on companies’ privacy and data security practices. Most, as we outline below, may not change fundamental practice, but instead serve as a reminder to take into account privacy and data security considerations when assessing and implementing AI tools:Continue Reading The Privacy and Data Security Impact of California’s Recent AI Bills

California’s governor has signed an amendment to CCPA, the state’s well-known privacy law. While California was the first to pass a “comprehensive” privacy law, it is the second -with this new amendment- to include “neural data” to the definition of sensitive personal information. It follows Colorado, which added this information to its law earlier this year. Unlike Colorado, the modification will not go into effect until January 1, 2025. (Colorado’s amendment, on the other hand, became effective at the beginning of August.)Continue Reading California Joins Colorado in the Brain Wave Action

Those tracking CIPA litigation are familiar with the recent decision holding in favor of a company whose site had an online chat operated by a vendor. The court in that case held (1) that the company had not violated the California Invasion of Privacy Act (CIPA), and (2) that its chat was not unauthorized “wiretapping.” This ruling came as welcome news to companies who offer online chat features, especially those who face—or fear—similar lawsuits.Continue Reading Promising Decision in Wiretapping Case, Win for Businesses

California has been active in the kids space. First, the Ninth Circuit’s recently ruled on the California’s Age-Appropriate Design Code Act. Second, the governor has just signed a new law aimed at social media sites.Continue Reading California: Age-Appropriate Design Code Act Partially Blocked, New Social Media Law Signed

Earlier this month, the California Privacy Protection Agency (CPPA) issued its first-ever enforcement advisory (No. 2024-01). The advisory addresses what it calls the “foundational principle” of data minimization, and more specifically, as applied to the processing of consumer requests.Continue Reading The CPPA Signals Focus on Data Minimization and Consumer Requests

The CPPA, the California regulatory body charged with enforcing CCPA, recently released draft regulations for use of automated decisionmaking technology. The draft comes under the law’s requirements for the agency to issue regulations on the topic. Under the law, automated decisionmaking technology is discussed in relation to profiling. Profiling is defined as “any form of automated processing of personal information” to analyze or predict people’s work performance, health, personal preferences, and the like. However, what constitutes “automated decisionmaking technology” is not defined.Continue Reading California Releases Automated Decision Rules in Draft