Thank you very much for the question. It's a very good one.
One of the concerns I have about the CPPA, in particular, is that it creates these ambiguous new standards and requirements with open-ended tests, such as what would be appropriate or what a reasonable person would think. This is very hard for any organization that seriously wants to comply to know how to comply. “Appropriate Purposes” is a good example.
As for “minor”, I think it would be useful to have a common definition that applies throughout.
In terms of “sensitive information”, I think there are already sufficient cases for what “sensitive” is. I think “sensitive” is contextual, depending on the circumstances. There is a lot of guidance from the Privacy Commissioner on that. I don't think it would hurt to have criteria, but I think the courts are well suited to figuring that one out.