Washington – The Computer & Communications Industry Association will testify before the California Privacy Protection Agency to address concerns about the new proposed regulations under the California Consumer Privacy Act (CCPA). CCIA supports balanced privacy regulations that protect both consumers and businesses, and expressed concerns that two aspects of the proposed rules are problematic. CCIA noted that some of the proposed profiling provisions and automated decision-making technology (ADMT) requirements exceed the CCPA’s scope.
Unlike other state privacy laws, which limit profiling regulations to significant decisions like credit approval, housing, and employment, the CCPA imposes broader opt-out rights and risk assessment requirements, even for use of data that is already public. These requirements create operational challenges, particularly for small businesses and startups, while imposing compliance burdens that do little to enhance consumer privacy protections.
As for the Act’s rules regarding ADMT requirements, CCIA said the provisions require businesses to conduct risk assessments even for internal model training when no significant decisions affecting consumers are involved.
The following can be attributed to CCIA Policy Counsel Jesse Lieberfeld:
“California has an opportunity to set a national standard for privacy protections that work for both consumers and businesses. We urge lawmakers to refine these rules to still allow data to be used for internal model training since that is not impacting consumers or decisions about them.
“While the association supports existing CCPA rules that give consumers control over their data, such as opt-out rights and data correction, the proposed changes go beyond these protections. Instead, they risk stifling innovation and making it harder for businesses to improve technologies through low-risk data processing, without offering meaningful privacy benefits to consumers.”
