Articles

28Nov

CPRA Regulations Nearly Complete as Insights Association Makes Final Recommendations

The leading trade association for the insights industry shared in its final thoughts with California’s regulator on rules implementing the California Privacy Rights Act (CPRA), particularly noting that it does not believe that the drafters of the law intended to restrict audience measurement and expressing concerns about the quick turnaround between the rules' completion and their enforcement.

CPRA, the new comprehensive state privacy law overwriting CCPA, comes into effect on January 1, 2023, with enforcement starting July 1. 
The latest proposed draft rules differ slightly from the version IA looked at in late October.

The Insights Association’s final comments to the CPPA about CPRA reiterated the insights industry’s previous concerns (relayed on August 11, 2022, and November 8, 2021), IA specifically drilled down again on the need for preferential treatment for audience measurement, noting that:

the current regulations prohibit service providers from combining personal information received from businesses with personal information received from the service provider’s own interactions with consumers unless it has a valid ‘business purpose’ for combining the information. Because audience measurement is not included in the list of business purposes, this effectively amounts to a ban on critical audience measurement activities. We do not believe the CPRA’s drafters intended to regulate these types of activities. To that point, draft federal legislation and extant state privacy statutes already make an accommodation for audience measurement. Accordingly, we again strongly urge the Agency to follow the lead of federal and other state legislators and add audience measurement to the express list of business purposes.

Read IA’s full November 16, 2022 comments on the CPRA rules.

Given that the California Privacy Protection Agency (CPPA) is tardy in issuing rules for businesses to follow, the Insights Association and our California Chamber of Commerce allies earlier warned, on November 2, that "California businesses are being placed in the untenable position of being required to comply with and effectuate the CPRA starting January 1st, without having been provided all of the final regulations necessary to do so. This is hugely problematic, not only as an operational matter, but also as a legal one." The agency has at least recently indicated that it will consider how soon after January 1 an alleged infraction occurs when considering an investigation, and may also consider “good faith efforts” at compliance. However, we still fail to understand "how a law that cannot be implemented by its effective date, let alone implemented properly, protects consumers or takes into consideration impact on businesses. Stated plainly, the problem identified has nothing to do with the intentions and good faith efforts of businesses to comply; it has to do with the delayed regulations of this Agency. Yet, the ones who will feel the consequences of that failure are businesses, their employees and the consumers they serve."

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Attachments

  1. IA-CPPA-comments-on-CPRA-11-16-22.pdf 11/28/2022 8:21:43 PM
  2. 2022CPPALetterNov3.pdf 11/28/2022 8:31:25 PM

Related

Clarifications from Colorado Attorney General Would Ease Insights Industry Compliance with Colorado Privacy Act

Clarifications from Colorado Attorney General Would Ease Insights Industry Compliance with Colorado Privacy Act

With Colorado’s new comprehensive privacy law coming into effect this summer, the Insights Associat...

Read More >
Lawsuit Against New Minors Privacy Law in California

Lawsuit Against New Minors Privacy Law in California

An internet industry association has sued to enjoin and invalidate a new minors privacy law, the Cal...

Read More >
Fighting for You: January 2023 Legislative and Regulatory Update

Fighting for You: January 2023 Legislative and Regulatory Update

As America readies for the grand finale of another football season, we are just beginning our year-l...

Read More >
Privacy for America Responds to Proposed Financial Privacy Rules from CFPB

Privacy for America Responds to Proposed Financial Privacy Rules from CFPB

In response to proposed rules from the U.S. Consumer Financial Protection Bureau (CFPB) on data acce...

Read More >
New Jersey A. 4919 - Children's Data Protection Commission

New Jersey A. 4919 - Children's Data Protection Commission

New Jersey Assemblymember Herb Conaway Jr. (D-NJ-07) introduced A. 4919, legislation modeled on the ...

Read More >
Oklahoma Computer Data Privacy Act of 2023 - H.B. 1030

Oklahoma Computer Data Privacy Act of 2023 - H.B. 1030

Oklahoma Rep. Josh West (R-OK-5) introduced the Oklahoma Computer Data Privacy Act (H.B. 1030), comp...

Read More >
Members only Article - Please login to view