Welcome to Consumer Reports Advocacy

For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

Consumer Reports Submits Comments on the California Privacy Protection Agency’s Preliminary Rulemaking on Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking

Consumer Reports submitted feedback to the California Privacy Protection Agency (CPPA) in response to its Invitation for Preliminary Comments on Proposed Rulemaking on Cybersecurity Audits, Risk Assessments, and Automated Decisionmaking. As part of its statutory authority under the California Privacy Rights Act, CPPA may issue regulations on a number of issue areas not otherwise detailed in the law. CPPA previously issued broader regulations to update the regulations that governed the California Consumer Privacy Act (CCPA), which the CPRA succeeded on January 1 of 2023.

Consumer Reports advocated that CPPA emphasize enforcement of cybersecurity audits and risk assessments to ensure their utility as accountability mechanisms. CR also urged CPPA to consider how it can proffer meaningful opt out and explainability rights relative to automated decisionmaking systems that produce legal or similarly significant effects.

To learn more, please read the attached comments.