On December 24, 2024 and January 13, 2025, the Oregon Attorney General’s Office and the California Attorney General’s Office published advisories (collectively, “Advisories”) explaining how existing statutes may be used to regulate, investigate and enforce against artificial intelligence (“AI”). These Advisories serve to remind AI developers, suppliers and users of heightened regulatory scrutiny of AI, […]
CCPA
CPPA Opens Formal Public Comment Period for CCPA Proposed Regulations
On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) issued a Notice of Proposed Rulemaking and opened the formal comment period for its proposed regulations on updates to existing California Consumer Privacy Act (the “CCPA”) regulations, cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) and the applicability of the CCPA to insurance companies. […]
CPPA Board Advances CCPA Regulations to Formal Rulemaking; Adopts New Data Broker Regulations
On November 8, 2024, the California Privacy Protection Agency (the “CPPA”) Board advanced to formal rulemaking the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automated decisionmaking technology (ADMT) and insurance. The CPPA Board also adopted the California Delete Act proposed regulations, which clarify data broker registration requirements and provide definitions […]
California Joins the Neural Data Bandwagon
On August 31, the California assembly passed SB1223, which amends the CCPA/CPRA to include “neural data” as a type of sensitive data. SB1223, which is likely to become law, defines “neural data” as “information that is generated by measuring the activity of a consumer’s central or peripheral nervous system, and that is not inferred from […]
CPPA Holds Preliminary Stakeholder Session on Accessible Deletion Mechanism under Delete Act
On June 26, 2024, the California Privacy Protection Agency (the “CPPA”) held a stakeholder session to provide information and gather stakeholder input on the CPPA’s mandate to build an accessible deletion mechanism known as the Delete Request and Opt-Out Platform (“DROP”) as required by the California Delete Act. DROP will allow consumers to request the […]