The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPA has full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General’s office.
Me2BA appreciates the CPPA’s initiative and acknowledges the difficult path ahead for this new agency. When the CPPA published an invitation for preliminary comments on their proposed rulemaking the Me2BA jumped into action. Overall, we were pleased to see the breadth of topics covered in the CPPA’s initial batch of questions.
Our feedback centered around key themes such as:
- Improving the labeling of websites and mobile apps to better disclose potential harms and risks,
- Addressing the complexities of auditing, offering suggestions based on our experiences in both establishing objective measurement criteria and performing audits,
- Ensuring alignment with global terminology and industry standards,
- Underscoring the importance of the Me2B relationship and lifecycle as context in evaluating the behavior of technology, particularly as it relates to identification of users.
Me2BA was happy to have an opportunity to share our knowledge and experience in product testing with policymakers. Our response was nearly 14 pages long and really only scratched the surface of many of the complicated areas raised by the CPPA.
We will continue to lend our support in the hope that it will encourage the adoption of practices that will lead to a safe and just digital world.