Across Europe and other countries, there are numerous data protection authorities with differing goals and enforcement powers. Until 2020, when the California Privacy Rights Act (which amended the California Consumer Privacy Act) (collectively the CCPA) went into effect, did the U.S. government or any states have any similar data protection authorities like Europe; then came the California Privacy Protection Agency (CPPA).

The CPPA was the first, and still the only, U.S. state agency dedicated to consumer privacy rulemaking and enforcement. With its role as the sole consumer privacy regulatory agency, the CPPA has increased its cooperation with data protection authorities across the globe, which may influence rulemaking and enforcement by the CPPA. While the CPPA’s mandate for international cooperation is not regulated by the CCPA, the CCPA does provide that funds accrued from enforcement fines and penalties may be used to support cooperative programs with

international law enforcement organizations to combat fraudulent activities with respect to consumer data breaches. It is now clear that the CPPA is interested in boosting its involvement and cooperation with international data protection agencies.

The CPPA is a member of (or simply cooperating with) many international authorities and bodies, including the Global Privacy Enforcement Network and the Global Privacy Assembly. The CPPA was also voted into the Asia Pacific Privacy Authorities forum. Recently, the CPPA and France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés, signed a declaration of cooperation for joint research and to share information and convene meetings. While the CPPA’s cooperation with international authorities can unfortunately not be mimicked in the U.S. (since the CPPA is the only dedicated data protection authority in the U.S.), more state regulators in the U.S. have been engaging with one another and sharing information to promote the interpretation of certain consumer privacy law provisions within different U.S. states in the same or similar way. For now, the CPPA will likely continue to exchange information with authorities around the globe to stay apprised of the trends in this ever-evolving consumer privacy space.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.