Updates

CPPA Votes to Advance Draft Regulations on ADMTs, Risk Assessments, and Cybersecurity

November 8, 2024

The California Privacy Protection Agency (CPPA) voted today to advance to formal rulemaking the draft regulations for automated decision-making technology (ADMT), risk assessments, and cybersecurity audits. EPIC testified today in support of these draft regulations.

The regulations would put guardrails in place around the use of ADMTs and increase transparency and accountability through required risk assessments. The regulations would give consumers various rights related to businesses’ use of ADMTs, including requiring businesses to notify consumers of use of ADMT, responding to consumers’ requests for information about automated decisions, and providing consumers with the ability to opt-out of certain uses of automated decision-making. The CPPA will accept public comment on the draft regulations in the coming months as part of the formal rulemaking process. 

EPIC regularly files comments and advocates for stronger privacy and consumer protections before the CPPA. EPIC provided extensive input on CCPA regulations in November 2021May 2022August 2022November 2022March 2023, and August 2024, arguing for consumer-friendly interpretations of the CCPA to guard against exploitative commercial data practices. EPIC also published an analysis of the CPPA draft regulations involving risk assessments. 

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.

Donate