The California Privacy Protection Agency, the California Attorney General’s Office, the FCC, the Federal Trade Commission, and more are embracing a collaborative approach. They all talk with each other.

That is according to CPPA Executive Director Ashkan Soltani, who spoke with Travis LeBlanc during the International Association of Privacy Professionals Global Privacy Summit.

On enforcement:

  • There is an ongoing sweep on connected vehicles and one re: data minimization in the consumer requests space
  • There is a big push on public awareness to provide resources for individuals
  • The kid gloves are off. There is no right to cure. There are enforcement advisories that can help with guidance, but there is no right to cure. This is especially the case regarding the parts that have been on the books since the CCPA went into effect.
  • Auditing is an important part of compliance.
  • Enforcement advisories shine the light on sections in the law that the CPPA is paying attention to. They are not binding, but the underlying regulations are … .

On draft regs:

  • Re the draft: rules on cyber audits, DPIA, ADMT and the new new regs: the regulatory process has started, including a statement of reasons and an economic analysis to be presented to the board in July. At that time, it may move to formal rulemaking. After that, it’ll take another 9-12 months until the rules are finalized (so looking at potentially July 2025)
  • Additional regs may be advanced if the board so directs.
  • CT AG said in a conference that they aren’t doing regulation, but rather looking to CA and CO regulations

On AI:

  • The rules only deal with AI that touches personal information. (No AI without PI) There are 50+ bills in CA on various aspects of AI regulations.