California Privacy Protection Agency

Subscribe to California Privacy Protection Agency via RSS

The Attorneys General of California, Connecticut, and Colorado, along with the California Privacy Protection Agency (“the Coalition”) announced on September 9, 2025, that they are banding together as a coalition on an investigative sweep of “potential noncompliance” with Global Privacy Control (GPC), that provides businesses with “an easy-to-use browser setting or extension that automatically signals

This post was co-authored by Mark Abou Naoum, Summer Associate. Mark is not admitted to practice law.

Before assuming his new role as Executive Director for the California Privacy Protection Agency (CPPA), Tom Kemp served as a volunteer policy advisor on the Delete Act in 2023 and California’s 2020 ballot initiative, which amended the California

The California Privacy Protection Agency (CPPA) and Background Alert, Inc. (a California-based data broker) settled allegations that Background Alert failed to register and pay the annual fee required by the California Delete Act. This settlement is part of the CPPA’s investigative initiative announced back in October 2024.

The Delete Act requires data brokers to register

Last week, the California Privacy Protection Agency (CPPA) announced settlements with two data brokers, Growbots, Inc. and UpLead LLC, for failure to register and pay the fees required of a data broker under the California Delete Act.

Growbots is a software company that provides an outbound sales platform to help users find, engage with, and

Last week, the California Privacy Protection Agency (CPPA) announced it will conduct a public investigative sweep of data broker registration compliance under the California Delete Act.

Pursuant to the Act, a “data broker” is “a business that knowingly collects and sells to third parties the personal information of a [California] consumer with whom the business

On Wednesday, the Federal Communication Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA) to establish a federal-state partnership focused on privacy, data protection, and cybersecurity enforcement matters. This partnership will allow the FCC and the CPPA to share resources and align efforts

Across Europe and other countries, there are numerous data protection authorities with differing goals and enforcement powers. Until 2020, when the California Privacy Rights Act (which amended the California Consumer Privacy Act) (collectively the CCPA) went into effect, did the U.S. government or any states have any similar data protection authorities like Europe; then came

The California Privacy Protection Agency (CPPA) recently issued an enforcement advisory encouraging covered businesses to focus on their data minimization obligations related to consumer requests under the California Consumer Privacy Act (CCPA). The advisory categorizes data minimization as a “foundational principle” of the CCPA and reflects the reasons why businesses will apply this principle for

The California Privacy Protection Agency’s (CPPA) highly anticipated regulations for automated decision-making technology and risk assessment requirements are likely far from final. The CPPA met at the beginning of the month but did not come to a consensus on what the final regulations should look like.

The CPPA’s vote was expected to be procedural but

Last week, the California Privacy Protection Agency (CPPA) launched a new website dedicated to providing resources to California residents about their privacy rights under the California Consumer Privacy Act (CCPA). The purpose of this new website is to serve as a central resource for residents to understand their rights and the actions that they can