Privacy Law Update: March 13, 2023
Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!
Does the CCPA as Modified by the CPRA Apply to Your Business?
The California Consumer Protection Act has been in effect since Jan. 1, 2020 and the California Privacy Rights Act, which modified the CCPA, went into effect Jan. 1, 2023. Now that the CPRA is in effect, one of the questions businesses are concerned about is the modification of the CCPA threshold test of “what is a business,” and the implications this modification for small businesses, e.g., those under USD25 million in annual revenue, in light of the new compliance requirements for business-to-business and employee personal information.
The mismanagement of user consent data and its consequences
The right to control data sharing is the cornerstone of digital privacy regulation. Almost all key pieces of data privacy and security legislation, from the EU General Data Protection Regulation to the California Privacy Rights Act, include special provisions that allow consumers to control what data they share with digital vendors and what vendors and subsequent third parties have access to this data.
International data transfers: Time to rethink binding corporate rules
In its recent guidance from December 2022, the European Data Protection Board provided draft guidance with updated interpretations and requirements regarding the use of the binding corporate rules transfer mechanism. In doing so, the EDPB missed an opportunity to address BCRs in a systematic, strategic, and forward-thinking way, and to enable this important transfer mechanism to evolve into a more scalable, powerful, and globally relevant tool for sustainable international data transfers.
Leading MEP enraged by Swedish presidency’s neglect of ePrivacy Regulation
Euractiv reports European Parliament’s ePrivacy Regulation rapporteur Birgit Sippel called on the Swedish Presidency of the Council of the European Union to give attention to the long-stalled proposal. In her letter to Swedish leadership calling for a meeting on the proposal, Sippel said “it seems crucial to me that we now make progress on this legislative act” as the EU presses forward with its digital strategy. The ePrivacy Regulation was first proposed in 2017, but issues over law enforcement access and retention with digital communications data plagued EU institutions’ trilogue negotiations.
Inadvertent Data Destruction After a Cyberattack Can Violate EU Privacy Rules
An Irish medical group was fined nearly $500,000 by the country’s data protection commissioner for incident response missteps.
Federal Data Privacy Legislation will Remain Over the Horizon: 2022 looked set to be a watershed year for privacy. The American Data Privacy Protection Act (ADPPA) was introduced in Congress — with significant bipartisan support, no less. If enacted, the bill promises to:
- Prohibit companies from collecting any more data than they need to provide their services.
- Apply to any entity (including sole proprietors, nonprofits, and common carriers) collecting, processing, or transferring “covered data” (i.e. any data that identifies a person or could be linked or reasonably linked to them).
- Give Americans rights over how their personal data is used and allow them to access, port, correct and delete their data.
If it became law, a bill like ADPPA would profoundly change the U.S. privacy landscape. But it is unlikely to pass next year.
Special interests threaten to hijack financial data privacy legislation: The rapid march of technology has paved the way for a slew of privacy challenges that lawmakers have struggled to address. Consequently, data privacy is a growing concern for Americans finding it difficult to control their personal information. Rep. Patrick McHenry, North Carolina Republican and chairman of the House Financial Services Committee, recently introduced the Data Privacy Act of 2023 to give consumers more control over how their personal information is used by financial institutions. Still, special interests are threatening to turn the bill into a vehicle for self-enrichment.