Privacy Law Update: January 9, 2023
• read
Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!
Newsworthy Updates
Several State Legislatures Introduce Privacy Bills
State Sen. Whitney Westerfield, R-Ky., reintroduced Senate Bill 15 to the Kentucky Senate. The comprehensive privacy bill did not make it out of committee in 2022. Additions to the bill include Global Privacy Control recognition and increased user consent requirements.
New York Senate Bill 365, the New York Privacy Act, was re-filed and assigned to the Senate Committee on Consumer Protection.
Tennessee Senate Bill 73, the Tennessee Information Protection Act, was introduced. The Tennessee General Assembly failed to pass proposed privacy legislation in 2022.
Washington House Bill 1155, the My Health My Data Act, was pre-filed ahead of the 2023 legislative session on Jan. 10. The Office of the Washington State Attorney General requested the bill be run.
2023 brings US state privacy law preparedness into focus
Chatter regarding comprehensive U.S. state privacy law picked up steam once again as the calendar turned to 2023. State legislative sessions are ready to commence and questions are swirling about which states could make a run at, or ultimately pass, legislation. However, the story of 2023 might be more about handling previously passed state laws. A compliance extravaganza kicked off on Jan. 1, as the California Privacy Rights Act and the Virginia Consumer Data Protection Act took force. Laws in Colorado, Connecticut, and Utah will also go live at different points in 2023.
TikTok Ban Passes Senate, Could Result in Removal From Government Devices
Legislation that would keep TikTok off of government devices has cleared the first major hurdle in Congress, passing the Senate with unanimous consent on Wednesday. A companion TikTok ban bill has been introduced in the House but has not yet been taken up.
Cross-context behavioral advertising is ‘sale.’ It is time to get over it.
It seems like at the start of every year there are new privacy laws. The 2020 new year brought us the California Consumer Privacy Act. The 2023 new year will bring us the California Privacy Rights Act and the Virginia Consumer Data Protection Act, with new legislation from Colorado, Connecticut, and Utah arriving a bit later in the year. So yet again, cross-functional privacy teams from across the digital advertising industry are trying to decipher what companies can and can’t do under new state privacy laws in an environment with little precise guidance about how exactly these laws apply to digital advertising and with little time left for interpretation, no less implementation.
Privacy Legislation
IAB Warns Against Rushed Passage of Children’s Privacy Bill: IAB’s Executive Vice President for Public Policy Lartease Tiffith says the trade association – representing over 700 brands, publishers, agencies, ad tech firms, and more across the digital advertising industry – supports children’s privacy, but including significant changes to the Children’s Online Privacy Protection Act (COPPA) in a hurried “omnibus” spending bill risks unintended consequences for internet users of all ages.
South Dakota Enacts TikTok Ban for Government Employees Over National Security Concerns: TikTok will need to be scrubbed from any government devices in South Dakota, as the state becomes the first to ban the app over national security concerns. The prospect of a national TikTok ban has been in the air since the final year of the Trump administration, with the Biden administration as well as Congress and the Committee on Foreign Investment continuing to scrutinize the app for potential risks of it being used as an espionage or propaganda tool by the Chinese government.
OECD Nations Sign Privacy Agreement Aimed At Improving Transparency Into Government Access of Personal Data: The 38 member nations of the Organisation for Economic Co-operation and Development (OECD) and the European Union have signed a notable privacy agreement aimed at improving transparency in government access to personal data held by private companies. The privacy agreement consists of a list of “shared principles” drawn from “commonalities” in existing national laws. OECD includes the United States, Canada, Australia, New Zealand, Japan, Korea, and Mexico among its members, and some of these countries have limited or no data privacy laws at the national or federal level.