Privacy Law Update: December 5, 2022
• read
Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!
Newsworthy Updates
How the IAB Multi-State Privacy Agreement Can Help Advertisers Meet their 2023 Privacy Challenges
The IAB Multi-State Privacy Agreement (MSPA) is an industry contractual framework intended to aid advertisers, publishers, agencies, and ad tech intermediaries in complying with five state privacy laws that will become effective in 2023.
A View From DC: 3 Out of 5 Attorneys General Prefer Data Minimization
From the outset of its lengthy rulemaking process, the U.S. Federal Trade Commission has been clear about the endeavor’s multiple overlapping goals. In addition to crafting eventual rules on data security or commercial surveillance, the FTC seeks to establish a robust public record of comments from a wide variety of stakeholders. Such a record may well help to inform policy making and enforcement activities, even beyond the four walls of the commission. It can also provide businesses with important signals about the evolution of best practices in the modern privacy landscape.
Risk-Based Approach to International Data Transfers Necessary to the Future of Cross-Border Data Flows Under GDPR
In the wake of the Schrems II decision, the EU’s lead data regulators have largely adopted an absolutist view that any potential for harm due to interception by a foreign government (even if trivial) is a GDPR violation and that these governments must demonstrate parity with the bloc’s data privacy laws before they can become a trusted partner. A new paper from global law multinationals DLA Piper and Clifford Chance lays out the case for a risk-based approach to these international data transfers, arguing that the status quo is too onerous and that data exporters are suffering from unfair burdens under an “unlawfully strict” interpretation of the Schrems ruling.
Fourth Draft of India Data Protection Bill Proposes Government Exception From All Provisions
India’s journey toward a national data protection bill has been going on for over four years, in fits and starts as drafts have been proposed and then subsequently shot down. The latest draft looks to be no less contentious, as it adds vital protections but also exempts the country’s government from all of its terms and appears to give tech platforms a fairly free hand in sending citizen data overseas.
Privacy Legislation
California Privacy Rights Act: The new CPRA was approved by voters in the November general election and officially became law on December 16, 2020, five days after election results were certified. The CPRA substantially amends and amplifies the requirements of the CCPA, bringing California privacy law closer, in many respects, to Europe’s GDPR.
Australia passes Privacy Legislation Amendment Bill 2022: The Parliament of Australia approved final passage of the Privacy Legislation Amendment Bill 2022. The bill amends the Privacy Act of 1988 to increase data breach fines to AU$50 million, or penalties based on data monetization and 30% of adjusted quarterly turnover under a new three-factor penalty scheme. Australian Information Commissioner and Privacy Commissioner Angelene Falk said the changes create “closer alignment with competition and consumer remedies” under the EU General Data Protection Regulation and “facilitate engagement with domestic regulators and our international counterparts to help us perform our regulatory role efficiently and effectively.”