On November 3, 2020, the United States not only elected a new president, its largest state also voted to adopt the most sweeping privacy law in the nation, the California Privacy Rights Act (“CPRA”). The new law, which expands the privacy rights and protections created by the California Consumer Privacy Act (“CCPA”), incorporates many concepts from the European Union General Data Protection Regulation (“GDPR”), including its treatment of “automated-decision making.” That term is not defined in the CPRA or in the GDPR, but is generally understood as “making a decision solely by automated means without any human involvement.”1 In other words, the CPRA will permit California to regulate decisions made by certain artificial intelligence (“AI”) functions and applications if the new state agency created by the CPRA, the California Privacy Protection Agency (the “CPPA”), decides to pursue that strategy, which it should.
To read the full article, click here.