Washington – The Computer & Communications Industry Association submitted comments this week in response to proposed rulemaking by the California Privacy Protection Agency (CPPA) under the California Consumer Privacy Act, covering updates related to risk assessments, artificial intelligence tools, and automated decision-making technologies.
While CCIA supports strong consumer privacy protections, it raised concerns that the draft rules could create unnecessary burdens for California businesses and confusion for consumers, while offering little additional privacy benefit. The Association’s comments offer targeted recommendations to clarify the rules and reduce regulatory duplication, particularly where federal or other state-level privacy laws already offer protections.
Among the concerns raised by CCIA are overly broad definitions of “automated decision-making technology” and “significant decisions,” which could restrict the use of common technologies like firewalls and fraud prevention tools that don’t actually make determinations about individuals. CCIA also flagged concerns about rigid notice and opt-out requirements, as well as an inflexible checklist-style approach to risk assessments that may not reflect best practices in data protection.
The following can be attributed to CCIA Policy Counsel Jesse Lieberfeld:
“Californians expect meaningful privacy safeguards, but they also deserve rules that are clear, focused, and effective. These proposals risk creating more confusion than clarity for consumers and more red tape than necessary for businesses. We urge the CPPA to refine the rules in ways that protect user privacy while preserving the ability of companies to innovate and provide secure, trusted services.”
