Please consider supporting us by disabling your content blocker.
loader

California Privacy Regulator Invites Public Feedback on AI Regulations

California Privacy Protection Agency Invites Public Comment

The California Privacy Protection Agency (CPPA) has announced a formal public comment period for its proposed rulemaking package. This package introduces new regulations and updates existing ones, focusing on automated decision-making technology (ADMT), cybersecurity audits, risk assessments, and compliance for insurance companies.

Members of the public can submit their comments until January 14, 2025.

This significant rulemaking initiative comes after extensive initial public input and stakeholder sessions held throughout California. At a meeting on November 8, 2024, the board voted to advance the package despite some ongoing questions regarding ADMT regulations and their relation to artificial intelligence (AI). The board believes that continuing the rulemaking process will help refine the details surrounding consumer opt-out rights and various definitions within the ADMT regulations.

To ensure adequate public engagement, the comment period has been extended beyond the usual 45 days, taking into account the holiday season.

Key Components of the Proposed Regulations

  • Automated Decision-Making Technology (ADMT): The proposed regulations aim to empower consumers by granting them rights to access and opt out of businesses’ use of ADMT, enhancing transparency in automated systems that affect consumer choices. These regulations require businesses to notify consumers before using ADMT, explain the underlying logic, and provide clear opt-out options.
  • Annual Cybersecurity Audits and Risk Assessments: Businesses processing personal information with significant security risks will need to conduct yearly cybersecurity audits and comprehensive risk assessments to identify privacy risks related to their operations, particularly those utilizing ADMT or AI.
  • Compliance for Insurance Companies: The regulations clarify obligations for insurance companies under the California Consumer Privacy Act (CCPA), promoting uniform application of the law across various sectors.

Next Steps in the Rulemaking Process

Once the comment period concludes on January 14, 2025, the CPPA will host a hybrid public meeting from 2 p.m. to 6 p.m. PST. Participants can engage either in-person at the CPPA office in Sacramento or virtually.

After reviewing public comments, the CPPA may revise the proposals and schedule a subsequent 15-day comment period, or they could proceed to adopt the regulations as they are. If adopted, these regulations are set to take effect immediately.

For further information about the proposed rulemaking package and to access the public comment portal, please visit the CPPA’s website. Written comments may also be sent via email to [email protected] or submitted by mail to the CPPA’s headquarters.