News & Announcements
Founding California Privacy Protection Agency (CPPA) Board Member Chris Thompson has announced that he is departing the Agency Board, effective immediately.
Mr. Thompson made the announcement at the December 16 meeting of the CPPA Board. At the meeting, Mr. Thompson thanked Chairperson Jennifer Urban and the other members of the Board. “I am proud of what we have done together, and I know that you all are going to continue to do great things. I am honored to have had the opportunity to serve on this Board and to get to know and serve with all of you,” said Mr. Thompson.
The CPPA is vested with full administrative authority to implement and enforce the California Consumer Privacy Act, as amended by Proposition 24, the California Privacy Rights Act. The Agency Board consists of five members: two members appointed by the Governor; one member appointed by the Assembly Speaker; one member appointed by the Senate Rules Committee; and one member appointed by the Attorney General.
Chairperson Urban said: “We have been very fortunate to have Mr. Thompson’s expertise, his outlook, and his dedication on the Board. As we’ve moved through startup, development, and building stages, I have especially valued Mr. Thompson’s focus on building an Agency with a strong organizational foundation, including careful attention to culture and values."
Mr. Thompson was appointed to the Agency Board in March 2021 by Governor Gavin Newsom. His formal resignation occurred on December 9, 2022.
Mr. Thompson recently began his new role as Chief of Staff for Los Angeles Mayor Karen Bass. He was previously Senior Vice President of Government Relations at LA28. He held multiple positions at Southern California Edison from 2013 to 2020, including Vice President of Local Public Affairs and Vice President of Decommissioning. Prior to that, he held multiple positions in the U.S. Senate and U.S. House of Representatives.
Today, the Global Privacy Assembly (GPA) voted to admit the California Privacy Protection Agency (CPPA) as a full voting member. The Global Privacy Assembly is a global forum of over 130 data protection and privacy authorities. Previously known as the International Conference of Data Protection and Privacy Commissioners, it was established in 1979 to help advance privacy by fostering cooperation and information-sharing among privacy authorities across the globe.
The GPA voted to admit the CPPA at the 44th Annual Global Privacy Assembly, “A Matter of Balance: Privacy in The Era of Rapid Technological Advancement,” held in Istanbul, Turkey. CPPA’s Executive Director, Ashkan Soltani, gave a keynote address at the open session portion of the meeting.
In 2018, California became the first state to adopt a comprehensive commercial privacy law, the California Consumer Privacy Act (CCPA). In 2020, California voters approved Proposition 24, the California Privacy Rights Act, which created the CPPA, the first data protection authority in the United States vested with the authority to issue regulations, audit businesses’ compliance, and undertake enforcement to protect consumer’ privacy.
The Agency joins the Federal Trade Commission (FTC) as the second voting member of the GPA from the United States. Observing members from the US include the Consumer Financial Protection Bureau (CFPB), National Telecommunications and Information Administration (NTIA), and the Privacy and Civil Liberties Oversight Board (PCLOB).
Attorney General Rob Bonta has appointed Alastair Mactaggart to the California Privacy Protection Agency Board.
The California Privacy Protection Agency is governed by a five-member board. Under the Agency’s implementing statute, the Board Chairperson and one Board Member are appointed by the Governor; one Board Member is appointed by the Rules Committee of the Senate; one Board Member is appointed by the Speaker of the Assembly; and one Board Member is appointed by the Attorney General.
Mr. Mactaggart will begin his duties immediately.
Mr. Mactaggart replaces Board Member Angela Sierra, who has played a key role in establishing the CPPA since her appointment by Attorney General Xavier Becerra. She will begin a new role as a member of the State of California’s Racial and Identify Profiling Advisory (RIPA) Board.
“It is with tremendous gratitude that we say goodbye to Angela Sierra. She has been an exemplary asset, providing sound advice and devoting countless hours to help build the Agency. The Agency, and all Californians, will remain indebted to her for her work to advance consumer privacy,” said Executive Director Ashkan Soltani.
Prior to her work on the Board, Ms. Sierra served as Chief Assistant Attorney General of the California Department of Justice’s Public Rights Division, overseeing the work of the Division’s over 400 employees in areas related to safeguarding civil rights, protecting consumers against misleading advertising claims, fraudulent business practices and privacy violations, maintaining competitive markets, protecting consumers’ health care rights, preserving charitable assets and safeguarding the State’s natural resources and environment.
SACRAMENTO – California Privacy Protection Agency Executive Director Ashkan Soltani released the following statement commending United States House Speaker Nancy Pelosi for her comments on the American Data Privacy and Protection Act (ADPPA), highlighting concerns with ADPPA’s limits on state privacy protections.
“The California Privacy Protection Agency applauds Speaker Pelosi’s commitment to ensuring strong privacy protections, in California and across the country. We look forward to working with the Speaker and Chairman Pallone to ensure that any federal privacy legislation sets a true floor for privacy protections and preserves the key role of the states to innovate, particularly in response to rapidly evolving threats to privacy.”
In July, the California Privacy Protection Agency Board voted unanimously to oppose as currently drafted proposed federal privacy legislation that seeks to significantly weaken Californians’ privacy protections by pre-empting the California Consumer Privacy Act and other state privacy laws. Governor Gavin Newsom, Assembly Speaker Anthony Rendon, Senate President Pro Tempore Atkins and California Attorney General Rob Bonta have all also raised concerns regarding the broad preemption language in the bill.
CPPA Board Member Lydia De La Torre stated: “Preemption to me doesn't really align with ensuring that Californians or, for that matter of residents of any state, enjoy the highest possible privacy protections.” “This is particularly concerning to me in an era... where Roe has been repealed.”
SACRAMENTO — Today, the California Privacy Protection Agency sent a letter to House Speaker Nancy Pelosi and Minority Leader Kevin McCarthy opposing H.R. 8152, the American Data Privacy and Protection Act (ADPPA).
The bill, which advanced out of the House Energy and Commerce Committee last month, seeks to replace California’s landmark law with weaker protections and compromises the ability of the newly-founded California Privacy Protection Agency (CPPA) to fulfill its mandate to protect the privacy of Californians.
On July 28, 2022, the CPPA Board voted unanimously to oppose ADPPA and any other bill that seeks to preempt the California Consumer Privacy Act (CCPA). The Board, however, voted to support a privacy framework that would set a “true floor” on privacy and allow states to further innovate on those protections. Governor Newsom, Assembly Speaker Rendon, ten attorneys general, including California’s Rob Bonta, and members of the California Senate have also released letters raising concerns about ADPPA.
The CPPA, created and funded in 2020 by the California voters, is the first data protection authority in the United States, and has as its the sole focus the protection of California residents’ privacy rights. Led by a five-member Board, it is vested with the authority to issue regulations, audit businesses’ compliance, and undertake enforcement to protect Californians’ privacy.
Ashkan Soltani, Executive Director of the CPPA, said: “Americans deserve more than ADPPA. In an era in which Roe v. Wade has been overturned, Americans need the ability to have meaningful protections over sensitive information that can be used to incriminate them. Yet ADPPA would remove important safeguards that are already available to Californians today and tie the hands of states from improving privacy protections in the future. We urge lawmakers to focus their efforts on ensuring that any privacy legislation follows the model of other federal privacy laws and sets a floor, not a ceiling, on privacy rights.”
California Representatives Eshoo and Barragán, both members of the House Energy and Commerce Committee, voted against ADDPA at last month’s markup. Every member of the California delegation voted in favor of an amendment that would allow the states to pass stronger laws — which Rep. Eshoo proposed.
SACRAMENTO –The California Privacy Protection Agency Board voted unanimously today to oppose as currently drafted H.R. 8152, the American Data Privacy and Protection Act (ADPPA), proposed federal privacy legislation that seeks to significantly weaken Californians’ privacy protections by pre-empting the California Consumer Privacy Act and other state privacy laws.
The Board also voted to oppose any bill that similarly threatens crucial privacy protections for Californians but, via a third motion, left room for the Agency to support federal privacy legislation that provides a “true floor” that allows states to implement stronger protections.
ADPPA was advanced by the House Committee on Energy & Commerce on July 20, 2022. Governor Gavin Newsom, Assembly Speaker Anthony Rendon, and California Attorney General Rob Bonta have all submitted letters critical of the broad preemption language in the bill. While ADPPA would extend privacy rights in states where they do not currently exist, most protections Californians currently enjoy under the CCPA would likely be preempted, including, notably, the CCPA’s constitutionally-protected “floor” for privacy protections, California’s ability to strengthen the law in the future, and the Agency’s ability to protect Californians’ privacy rights under the California law. Agency staff outlined the impact that the bill would have on Californians in a memo released on Tuesday.
Board Member Chris Thompson stated: “It appears to me that there is a false choice in this bill that....the strong rights of Californians (and others) have to be taken away in order to provide weaker rights federally.” “There is an alternative. We can have both. We can have a federal floor that enables states to continue to innovate in this policy area.” “[W]e need to be able to continue to act to protect Californians’ rights and to drive forward and adapt to other technological standards of technological innovation.”
Board Member Angela Sierra stated: “States are in the best position to really react and address to changes in technology.” “There is room for federal legislation, but at the same time allowing the States to be able to address what is going to be very important.”
Board Member Lydia De La Torre stated: “Preemption to me doesn't really align with ensuring that Californians or, for that matter of residents of any state, enjoy the highest possible privacy protections.” “This is particularly concerning to me in an era... where Roe has been repealed.“
Board Member Vinhcent Le stated: "Pre-emption would mean that California no longer have the right to opt out of automated decision making or to get meaningful information when an automated system profiles them or makes a high stakes decisions around who has access to jobs, healthcare, credit, housing, you name it." “While I am excited about the prospect of a national privacy law, I believe it does not need to come at the expense of the privacy rights we have here in California.”
Sacramento, CA - The California Privacy Protection Agency Board ("Board") will be holding a Special Meeting on Jul 28, 2022 pursuant to Government Code 11125.4 to Discuss and Take Possible Action on Proposed Federal Privacy Legislation, Including the American Data Protection and Privacy Act and Similar Legislation. Information on how to attend the meeting and the meeting agenda can be found on the California Privacy Protection Agency's site at https://cppa.ca.gov/meetings/
Agency to hear public comment at hearing on August 24 and 25 as part of rulemaking process
The California Privacy Protection Agency today began the formal rulemaking process to adopt proposed regulations implementing the Consumer Privacy Rights Act of 2020 (CPRA), a law amending and building on the California Consumer Privacy Act (CCPA). The CPRA amendments to the CCPA give California residents new rights over the personal information that covered businesses maintain about them. The proposed regulations (1) update existing CCPA regulations to harmonize them with CPRA amendments to the CCPA; (2) operationalize new rights and concepts introduced by the CPRA to provide clarity and specificity to implement the law; and (3) reorganize and consolidate requirements set forth in the law to make the regulations easier to follow and understand.
A copy of the proposed regulations and supporting documents can be found on the Agency’s website at https://cppa.ca.gov/regulations/consumer_privacy_act.html. A hearing on the proposed regulations will occur on August 24 and 25, 2022 at 9:00 am Pacific Time. Media and members of the public are encouraged to RSVP via the link above.
Persons who wish to submit written comments on the proposed regulations must submit them by August 23, 2022 at 5 pm Pacific Time. Comments can be submitted by email to firstname.lastname@example.org or by mail to The California Privacy Protection Agency, Attn: Brian Soublet, 2101 Arena Blvd., Sacramento, CA 95834. Please note that any information provided is subject to public disclosure.
The new California Privacy Protection Agency began an important new chapter on April 21, 2022, when rulemaking authority under the California Consumer Privacy Act (CCPA) formally transferred to the Agency, pursuant to the CCPA, as provided for by the California Privacy Rights Act of 2020 (CPRA).
On May 5, 2022, the Agency marked another key milestone when the California Office of Administrative Law (OAL), pursuant to Section 100 of OAL’s regulations, approved the transfer of the existing CCPA regulations to Title 11, Division 6, a new division of the California Code of Regulations that is under the jurisdiction of the Agency. While these amendments are non-substantive and merely renumber the existing CCPA regulations, they represent the beginning of the Agency’s rulemaking role.
First adopted in 2018 and effective January 1, 2020, the CCPA provides Californians with key privacy rights, including the right to know the personal information collected about them by businesses, the right to delete that information, and the right to stop its sale. In November 2020, California voters approved Proposition 24, the California Privacy Rights Act, which created the Agency—the first independent data protection authority in the United States—and vested it with the authority to implement and enforce the CCPA.
These milestones mark the Agency’s latest step toward its first formal rulemaking. The Agency began preliminary rulemaking last year, when it collected hundreds of pages of written pre-rulemaking comments from the public. These comments are available here. Last month, the Agency Board held two days of pre-rulemaking Informational Sessions. Transcripts are available here. Earlier this month, the Agency welcomed comments from the public over three days of pre-rulemaking Stakeholder Sessions. Videos are available here.
The Agency will take its next step toward formal rulemaking on May 26, 2022, when its five-member Agency Board is expected to meet to consider a proposed course of action for the upcoming rulemaking process. Information about the meeting is available here. More information about the Section 100 transfer can be found here, which includes an explanatory statement and a chart that explains the renumbering.
SACRAMENTO – The California Privacy Protection Agency has selected Ashkan Soltani as the Agency’s new Executive Director. He began his duties today.
As Executive Director, Soltani will carry out the day-to-day operations of the Agency, which is governed by a five-member board which will implement and enforce the California Consumer Privacy Act of 2018 (CCPA) including Proposition 24, the California Privacy Rights Act of 2020 (CPRA), which created the Agency. He will also oversee enforcement activities, rulemaking, and public awareness, and will build and lead the Agency staff.
Among his other accomplishments, Soltani was an architect of both measures and is considered one of the country’s leading experts on privacy and security.“We are thrilled to have Ashkan join the California Privacy Protection Agency,” said Agency Board Chair Jennifer Urban. “His background in technology and privacy, and his work on both the CCPA and the CPRA give him a thorough understanding of California privacy law and will stand him in good stead as he leads Agency staff and helps the Agency fulfill its privacy protection mandate.”
“California is leading the way when it comes to privacy rights and I’m honored to be able to serve its residents,” said Soltani. “I am eager to get to work to help build the Agency’s team and begin doing the work required by CCPA and the CPRA.”
Soltani is a Distinguished Fellow at the Georgetown University Law School at both the Institute for Technology Law and Policy and the Center on Privacy and Technology. He previously served as a Senior Advisor to the U.S. Chief Technology Officer in the White House Office of Science and Technology Policy under the Obama Administration, and as the Chief Technologist for the Federal Trade Commission, where he helped create the Office of Technology Research and Investigation.
He was also recognized as part of the 2014 Pulitzer Prize winning team for his contribution to the Washington Post’s coverage of national security issues, and has served as the primary technical consultant on the Wall Street Journal’s investigative series “What They Know,” which was a finalist for a 2012 Pulitzer Prize.