Privacy Law Update: January 30, 2023
When we next see a public version of the American Data Privacy and Protection Act, it will be considered before a U.S. House of Representatives group called the Subcommittee on Innovation, Data, and Commerce. You can be forgiven for not recognizing the name. This is a re-brand of the subcommittee most recently known as Consumer Protection and Commerce. Before that, it was called the Subcommittee on Commerce, Manufacturing, and Trade. No matter what we call it, this branch of the Energy and Commerce Committee is the first forum in the House for consumer protection and trade issues, including oversight of the U.S. Federal Trade Commission and consumer privacy bills.
Two comprehensive privacy bills were introduced to the Hawaii Senate. A subcommittee of the Iowa House Committee on Economic Growth and Technology passed Iowa House Study Bill 12, an act on consumer data protection. The Massachusetts Legislature will consider two additional, comprehensive privacy bills. Senate Bill 1971, the Massachusetts Information Privacy and Security Act, and House Bill 3245, the Internet Bill of Rights, both take aspects from the EU General Data Protection Regulation.
The Indiana Senate Committee on Commerce and Technology voted 11-0 to advance Senate Bill 5, an act concerning consumer data protection. State Sen. Sharon Carson, R-N.H., introduced Senate Bill 255, an act relative to the expectation of privacy. State Rep. Shelly Kloba, D-Wash., reintroduced House Bill 1616, the Washington People’s Privacy Act.
The Office of the Privacy Commissioner of Canada published a guide with five tips for improving privacy impact assessments. The OPC found the missteps organizations take when conducting PIAs include not understanding their legal authority to collect certain personal data, defining the scope of a PIA for “clear analysis,” and creating and implementing an action plan based on the PIA.
The fate of Meta’s data transfers to the U.S. could hinge on an Article 65 dispute resolution mechanism in the EU, after Ireland’s Data Protection Commission was unable to resolve objections from other EU data protection authorities to its draft enforcement decision.
Euractiv reports the Council of the European Union is drawing closer to a consensus position on the proposed European Health Data Space. The council’s Working Party on Public Health agreed on amendments to the European Commission’s proposed provisions regarding secondary use of data, including withholding data for the purposes of public security and national security. Member states also proposed new criteria for health data access entities to allow or limit access to health data.
National Review Privacy Predictions for 2023: To celebrate Data Privacy Day, we present our top ten data privacy and cybersecurity predictions for 2023.
Kenyan president announces ‘data protection registration system,’ digital ID requirement: Kenyan President William Ruto announced the formation of a “data protection registration system” as part of the country’s observation of global Data Privacy Day, The Star reports. Ruto made the announcement as part of a two-day event in Nairobi that connected “stakeholders from government agencies (and) private and public sectors… to help to raise awareness and promote privacy and data protection best practices.” Meanwhile, Pulse Live Kenya reports Ruto said Kenyan citizens will eventually need digital identification as the government digitizes approximately 5,000 services.