CPPA to Hold Three Statewide Pre-Rulemaking Stakeholder Sessions


The California Privacy Protection Agency (CPPA) invites the public to attend three statewide stakeholder sessions to learn about and provide preliminary feedback on the Agency’s proposed regulations on automated decision-making technology, risk assessments, and cybersecurity audits. Join us at one of these three informational sessions to learn more about the draft regulations and provide comment before the Agency moves into the formal rulemaking process.

Each session will include a brief presentation by CPPA staff on the draft regulations and an overview of the rulemaking process, including information on how to participate when the formal comment period opens, likely later this year.

Please note, the CPPA has not begun the official rulemaking process for the draft regulations. These sessions are being held in advance of the formal rulemaking process. The goal is to inform the public about the draft regulations, answer common questions, and gather feedback. If the draft regulations are approved by the CPPA Board later this year, additional public meetings will take place as part of the formal rulemaking process.

Locations and Times:

  • May 13, 2024, 3:00 pm to 7:00 pm (in-person only)

    Los Angeles Junipero Serra Office Building, 320 West Fourth Street, Los Angeles, CA 90013

  • May 15, 2024, 3:00 pm to 7:00 pm (in-person only)

    Fresno Hugh Burns State Building, 2550 Mariposa Mall, Fresno, CA 91721

  • May 22, 2024, 2:00 pm to 6:00 pm (Hybrid: In-person and streamed via Zoom)

    Sacramento CCAP, 400 R Street, Sacramento, CA 95811

Registration is not required but highly encouraged so we can best accommodate attendees.

Register for Event

About CPPA

In November 2020, California voters approved Proposition 24, also known as the California Privacy Rights Act (CPRA). The CPRA amended and expanded the California Consumer Privacy Act of 2018 (CCPA) by adding additional consumer privacy rights and obligations for businesses. It also established the California Privacy Protection Agency (Agency) and tasked it with responsibilities to implement and enforce the law, including by updating current regulations and implementing new ones.

The Agency is tasked with undertaking a formal rulemaking process to adopt regulations regarding automated decision-making technology (ADMT), risk assessments, and cybersecurity audits. Staff will explain key definitions and concepts, such as what ADMT is and the rights consumers would have with respect to ADMT; when and how businesses are to conduct a risk assessment; and the requirements for an annual cybersecurity audit. The three pre-rulemaking stakeholder sessions provide the public an opportunity to learn more about the proposed regulations and provide input before the Agency moves into the formal rulemaking process.

Contact: info@cppa.ca.gov