The California Privacy Protection Agency unveiled draft regulations that focus on topics ranging from opt-out preference signals to consumer complaints as companies gear up for the bulk of the California Privacy Rights Act to take effect Jan. 1.
This first batch of draft rules touches on a number of the 22 topics listed for rulemaking under the CPRA, but does not address cybersecurity audits, risk assessments, or the opting-out of automated decision-making technology.
The draft rules make clear that companies must honor opt-out preference signals, which are a way for consumers to share their desires with multiple companies instead of ...