At a public hearing this week in Sacramento, it quickly became evident that the California Privacy Protection Agency's new rules under the CCPA regarding certain uses of personal information in AI have left many stakeholders dissatisfied.

Privacy advocates argue the rules are vague, allowing companies to easily bypass stringent requirements such as regular risk assessments and opt-out mechanisms, especially where automated decision-making technology (ADMT) is concerned.

Conversely, businesses and trade associations contend the rules are excessively burdensome, potentially stifling innovation and leading to lower quality products.

Given the global interest in ADMT and AI, along with California's aim to remain a leader in both technology and privacy, there is no question the CPPA will establish its regulatory framework for these critical issues. Whether the balance will favor privacy or innovation remains uncertain, but if the current feedback indicates widespread dissatisfaction, this could suggest that the CPPA is close to achieving what it views as a balanced approach.