The California Privacy Protection Agency votes to adopt new regulations for data brokers

On November 8, 2024, the California Privacy Protection Agency (CPPA) Board voted to adopt new regulations concerning data broker registration. The new registration regulations will be filed with the Office of Administrative Law for a final review and, if approved, will go into effect on January 1, 2025.

Requirements for data broker registration within California is not a novel concept, with the California Delete Act already offering a mandate that all data brokers register with the CPPA, but these new regulations clarify the existing obligations laid forth in the Delete Act and streamline the process. Specifically, the new regulations include provisions pertinent to clarifying registration requirements, mandating data brokers to disclose certain information regarding their exempt data collection practices, and clarifying the administrative procedures associated with registration.

Among the notable provisions within the Delete Act include the requirement of annual registration for data brokers and the administrative penalties for failure, stringent disclosure requirements with regards to  businesses’ collection and use of minors’ data, reproductive health care data, and precise geolocation data, and a key focus on the right of California residents to request deletion, reflecting the CPPA’s interests in consumer control of data and protection of sensitive data. It is important to note that the proposed regulations do not amend the provisions of the Delete Act but rather supplement, explain and clarify the provisions of the Delete Act for the sake of enhancing compliance with existing data broker obligations.

A copy of the proposed regulations can be found on the CPPA’s website here.

If you have any questions about your company’s compliance with cyber regulations, concerns about vulnerability to attacks or other breaches, or if you want to learn more about proactive cybersecurity defense, contact a member of McDonald Hopkins’ national data privacy and cybersecurity team.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.