I would agree in large part with Mr. Kardash.
When I was commissioner and we were seized with this matter, we had not seen the measures taken by companies to anonymize the information. In short, de-identified information is still personal information and requires consent.
Do the consent provisions need to be improved in the CPPA? Yes, they do, but that's in the scenario of de-identified information. If the information is truly anonymized, it is no longer personal. It is no longer at risk and can be shared more freely.