Consumer Electronics Daily was a Warren News publication.

Calif. Board Posts Revised Draft Privacy Rules

The California Privacy Protection Agency (CPPA) board released modified draft regulations to implement changes to state privacy rules required by the 2020 California Privacy Rights Act. The CPPA posted the modified text and an explanatory document Monday, before a planned Friday-Saturday meeting (see 2210110013). “The purpose(s) for which the personal information was collected or processed shall be consistent with the reasonable expectations of the consumer,” said one addition. Such expectations are based on the relationship between the consumer and the business, the “type, nature, and amount of personal information that the business seeks to collect or process,” the information’s source and the business’ collection and processing method, the “specificity, explicitness, and prominence” of consumer disclosures and the “degree to which the involvement of service providers, contractors, third parties, or other entities in the collection or processing of personal information is apparent to the consumer.” A business’ collection, use, retention or sharing of personal data should be “reasonably necessary and proportionate,” said another addition. That takes into account whether a business collected the minimum amount of data needed, possible negative impacts to consumers, and safeguards to address possible problems, the updated rules said. Clarifying rules on dark patterns, the modified draft states, “A business’s intent in designing the interface is not determinative in whether the user interface is a dark pattern, but a factor to be considered.” Future of Privacy Forum Senior Counsel Keir Lamont tweeted, “Be on high alert for the board to approve these modified regulations, triggering a public comment period, potentially lasting as little as 15 days.”