Privacy Law Update: February 14, 2022
The Federal Trade Commission is under mounting pressure to kick off long-anticipated federal rules protecting personal information collected by companies amid delays with President Joe Biden‘s pick to fill the deadlocked agency’s vacant seat. Advocacy groups are looking to the commission for policy action amid years of stalled negotiations in Congress over a national privacy law and a growing patchwork of state laws imposing new compliance obligations on companies.
After years of consumers happily surfing the web and using apps with reckless abandon, data privacy became a “thing” in 2021. Thanks in part to Apple’s efforts to provide consumers with greater knowledge about and a greater say in how their data is used, people got a wake-up call when their favorite apps and websites started asking them to agree to cookies or to make their privacy preferences known — a reminder that companies track their online behaviors.
Just weeks after the Austrian Data Protection Authority’s ruling that Google Analytics use violates the EU General Data Protection Regulation, France’s data protection authority, the Commission nationale de l’informatique et des libertés, has reached a similar decision. The CNIL ruled data collection and transfers to the United States using Google Analytics “are illegal,” also stating its investigation extends to other tools that result in the transfer of data to the U.S. IAPP Staff Writer Jennifer Bryant has the latest reaction to the decision.
Israel is recognized around the world as an important technology hub. It is home to hundreds of large, multinational tech corporations operating substantial local research and development, sales, and management activities. It is the incubator for thousands of startups, dozens of which are publicly traded unicorns. And it boasts an environment where innovation is fostered, growth achieved and the commerce of modern industries flourishes on a global scale. Because data is a core asset in many tech ventures, Israel is also a jurisdiction worth monitoring from a data protection perspective — and 2022 will likely be a turning point for privacy laws in Israel.
This week four new comprehensive privacy bills (Arizona, Connecticut, Wisconsin, and Iowa) were introduced. There are now approximately 40 pending bills across 23 states.
Arizona: On February 7, Representative DeGrazia and 5 other Democratic Sponsors introduced HB 2790. This is a fairly unique privacy bill that includes consumer rights to “restrict processing of personal data”, “object to the processing of personal data”, and would place substantive limits on certain profiling decisions. The Act disclaims any private right of action arising under its terms.
Connecticut: On February 9, SB 6 an Act “Concerning Personal Data Privacy and Online Monitoring” was introduced by 19 Senators. Committee staff informs us that formal language has not yet been added to the bill but will come soon. We understand that the forthcoming bill is the product of Senator Maroney’s (D) summer working group with stakeholders.
Iowa: SF 2208 was introduced by Sen. Nunn (R) and HSB 674 was introduced by Rep. Lohse (R) on February 8. On February 9th the House bill received a favorable Information Technology Subcommittee recommendation by a 2-0 vote. These bills are essentially the VCDPA.
Wisconsin: SB 957 was introduced on February 9 by 4 Republican Senators. This bill is essentially the VCDPA and already has a House companion (AB 957). Separately, SB 977 was introduced on February 9 by 5 Democratic Senators. This is a CCPA-style bill.
- IAPP State Privacy Law Tracker
- IAPP Federal Law Tracker
- IAPP Chart Compares Us Privacy Legislation Proposals