You didn’t return any results. Please clear your filters.
California’s Privacy Protection Agency is a new type of regulator
GDPR & privacy lawUnited States
To enforce the California Privacy Rights Act, one of the strictest in the US, the state’s government has learned some things about privacy when setting up the new agency to police technology.
A new phase of regulation
Technology is now central to most people’s lives, with vast quantities of personal data entrusted to companies; many governments and even companies will be interested to see the progress – charted here by the New York Times. But it’s also a story about when creating something without precedent it helps to look for inspiration in unconventional places.
At the same time as the 2020 general election, California’s voters voted to enshrine in law the right of consumers to prevent businesses from sharing their personal data, correct inaccurate personal data, and limit “sensitive personal information” from being used in some business contexts.
It also creates the California Privacy Protection Agency, an agency that will be more active in enforcing laws, and investigating breaches, similar to the national data protection agencies across Europe. But it also represents a wider trend toward more active, hands-on regulation.
Similar ideas are in train with the Digital Markets Unit in the UK, which is a more competition-focused form of this regulator. The European Union is likely to also follow this route with such provisions included in the package of legislation that sits across the Digital Markets and Digital Services Acts.
Speaking to the NY Times, the agency’s executive director, Ahskan Soltani, a veteran privacy expert, explains how he spoke to very different kinds of regulators – like the state’s Horse Racing Board – when setting up his 30-person department.
It is also tasked with coming up with the rules it will need to enforce, a process that it is now undertaking.