• Privacy Law Update

Privacy Law Update: July 12, 2021


Rick Buck Chief Privacy Officer

Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!

Newsworthy Updates

Biden Executive Order Calls For Scrutiny Of Mergers, Data Privacy

U.S. President Joe Biden signed an executive order to promote competition in the American economy. The executive order includes a shift toward a greater scrutiny of mergers, “especially by dominant internet platforms, with particular attention to the acquisition of nascent competitors, serial mergers, the accumulation of data, competition by ‘free’ products, and the effect on user privacy.” It also encourages the U.S. Federal Trade Commission to establish rules on surveillance, data accumulation and “barring unfair methods of competition on internet marketplaces.”

Privacy Shield Negotiations Are Progressing

As the one-year anniversary of the Court of Justice of the European Union’s “Schrems II” decision approaches, the privacy industry has seen a wave of developments on international data transfers. However, one important element of the “Schrems II” ruling still needs to be addressed: a replacement to the EU-U.S. Privacy Shield agreement. During an IAPP LinkedIn Live event, U.S. Department of Commerce Deputy Assistant Secretary for Services Christopher Hoff, CIPP/E, CIPP/US, CIPM, offered a window into the progress on the Privacy Shield talks, assuring privacy professionals the negotiations are not stuck at the starting line

People’s Republic of China Passes the Data Security Law: A Summary of What We Know

On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of the DSL), which goes into effect September 1, 2021. Where the CSL is primarily focused on cybersecurity for Critical Information Infrastructure (CII) operators and network operators, the DSL was promulgated in order to regulate data processing activities,  promote data security, protect the lawful rights and interest of individuals and organizations, and safeguard national sovereignty, security, and development interests. (Article 1). The scope of the DSL is quite broad, and without clarifying regulations or guidance, the law lacks significant detail on how companies should comply, leaving many open questions in advance of the September 2021 effective date.  While it is expected that the relevant authorities in China will issue guidance and formulate certain corresponding regulations, it is clear that given the sweeping scope and broad territorial reach of the DSL, the DSL may have far-reaching implications for many companies.

Why Data Privacy Is a People-Centric Problem

Attitudes about data privacy are changing. For one thing, consumers are increasingly vocal about how their data is used. For another, organizations are beginning to recognize that data privacy actually expands business opportunities. Of course, all of this is taking place against a more onerous backdrop: a spate of privacy regulations, including the likes of GDPR, CCPA and the Virginia Consumer Data Protection Act.

Dealing with today’s regulatory environment is a formidable challenge since it requires two distinct sets of capabilities: discovering sensitive consumer data stored in enterprise systems and tying it back to each individual to whom it belongs. While traditional methods of discovering and classifying data have been used to find personally identifiable information (PII), they were never designed to map all of this information back to its owner and address these evolving regulatory requirements.

Kill The Standard Privacy Notice

Today’s online consumer is drowning indeed — in the deluge of privacy policies, cookie pop-ups, and various web and app tracking permissions. New regulations just pile more privacy disclosures on, and businesses are mostly happy to oblige. They pass the information burden to the end user, whose only rational move is to accept blindly because reading through the heaps of information does not make sense rationally, economically or subjectively. To save that overburdened consumer, we have only one option: We have to kill the standard privacy notice.

Pending Privacy Legislation

  • Colorado SB 190 was signed into law by Democratic Gov. Jared Polis on July 7.
  • New York Privacy Act (S 6701) failed to pass
  • State legislative activity continued to slow down as state legislative sessions ended in Arizona, Colorado Connecticut, Delaware, Illinois, Louisiana, Nevada, New Hampshire, New York, Oregon, and Rhode Island.
  • IAPP Privacy Law Tracker

Future proof your privacy program with WireWheel’s Trust Access and Consent Center and WireWheel’s Privacy Operations Manager.

Request Demo
Rick Buck is the WireWheel Chief Privacy Officer and acts as a Privacy Advisor to WireWheel clients, helping them with the implementation and optimization of their privacy programs. Over the past 20 years, Rick has…