This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

New Privacy Regulations Approved in California

After a drawn-out process, and with very little time to go before a mandatory enforcement deadline, California's regulators have approved a set of regulations designed to implement the state's "privacy 2.0" law, CPRA, which took effect this year. The law specifically provided that regulators would provide additional guidance/requirements on how to operationalize certain of its requirements. Enforcement of these new regulations will begin July 1st of this year.

Why It Matters

Companies that have spent the last five years updating their internal processes and external privacy disclosures to comply with EU and then California rules are wearying of the ritual. 2023 and 2024 will not afford them much rest, however: the new California regs will come into effect, as will new privacy laws in four other states.  

Even if your company has updated its privacy mechanisms to comply with CCPA (the "privacy 1.0" regime in California), we recommend a review of your website and other services, together with your privacy policy, to be sure they meet the requirements of the new regulations and the laws that will follow in other states.  

Specific changes contained in the new California regulations could affect how much data a business can collect and use, how to offer an opt-out for sharing or sale of data or use of "sensitive" data, how notice is given on different devices/platforms to increase its accessibility, the contents and specificity of required notices, and the conditions under which the business or its commercial partners may target advertising to users. 

The finalized rules contain no substantive changes to the final draft submitted by the CPPA to the OAL in February. The first rulemaking package addresses regulations concerning data processing agreements, consumer opt-out mechanisms, mandatory recognition of opt-out preference signals, dark patterns and consumer request handling.


data security and privacy, hill_mitzi, insights