• Privacy Law Update

Privacy Law Update: May 3, 2021


Rick Buck Chief Privacy Officer

Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!

Another interesting week in the privacy world. The two key standouts this week include:

  1. new movement on updated Standard Contractual Clauses and the Privacy Shield program
  2. Florida’s HB969 which was believed to be the next state privacy law died in committee this week.

Newsworthy Updates

New SCCs are coming soon, but a Privacy Shield replacement remains on the horizon

As hard as it is to believe, it has almost been one year since the Court of Justice of the European Union made its decision in the “Schrems II” case. The CJEU struck down the EU-U.S. Privacy Shield agreement while upholding standard contractual clauses, albeit with caveats. Since then, privacy professionals have been waiting for conclusive answers to address trans-Atlantic data flows, and there has been some news on that front over the past couple of months. The European Commission unveiled its draft implementing decision on SCCs in November, and EU Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo issued a joint statement last month saying negotiations on a Privacy Shield replacement are “intensifying.”

IDC MarketScape 2021: Recognizes WireWheel as a Leader in Worldwide Data Privacy Management Software

WireWheel has been named a leader in the inaugural “IDC MarketScape: Privacy Management Software 2021 Vendor Assessment (doc #US46858221, April 2021)” for the breadth of its platform and continued innovation in the privacy space.

Technology, data, trust play key role in COVID-19 response

As the COVID-19 pandemic has unfolded over the past year, Microsoft Corporate Vice President and Deputy General Counsel Julie Brill said there has been an unparalleled digital transformation. The company’s collaboration platforms, like Microsoft Teams, saw “enormous growth” of 160% to 170%, Brill said, as those who could shift to working online. “What that meant was we had technology much more in our lives, in terms of how we were working, how we were socializing, how we were engaging with our communities and with our friends and families. What that meant was because there was much more technology involved, there was much more data involved, and because there was more data involved, people started thinking about privacy,” Brill said. “What we’re seeing now is that almost 70% of consumers say they are concerned about how their data is collected in (applications) and various new services they are using. They are thinking about it.”

Pending State Privacy Legislation

  • Florida HB 969 Controversial data privacy bill dies on final day of Florida session. A fight over lawsuit language has led lawmakers to tank a data privacy bill that was among the most heavily lobbied of Florida’s 2021 legislative session, according to three people involved with the measure. The bill initially sailed through committee stops with bipartisan support, but got bogged down in recent weeks as the House and Senate took different versions and could not reconcile differences over the lawsuit provisions. The Senate amended its bill to give lawsuit authority only to Attorney General Ashley Moody, while the House maintained language that would allow any consumer to sue. Those differences ended up sinking the bill. “A Republican legislature was never going to pass the largest private cause of action in the history of Florida,” said a veteran lobbyist involved in killing the bill. This will likely be reintroduced next year.
  • Alaska HB 159 was heard and held in the House Labor and Commerce Committee on April 23 and is scheduled for another hearing in the committee on May 5. The governor, who initially supported this measure, appears to be backing off. The bill would grant consumers the right to know when businesses are collecting personal information, what information is being collected, the right to request collected personal information be deleted and the right to prevent businesses from selling their personal information. The bill would apply to businesses with gross revenues of $25 million or more, those that bought or disclosed personal information of 100,000 or more persons or households or that sold the personal information of a consumer, household or device in the last year. HB 159 would also prevent businesses from disclosing personal information of minors under the age of 13 to a third party and from disclosing or selling the personal information of a minor older than 13 without the consent of a parent or guardian.
  • Colorado SB 190 is scheduled for a hearing in the Senate Business, Labor and Technology Committee on May 5. SB 190 would grant consumers the right to opt-out of the processing of their personal data; access, correct or delete the data or obtain a portable copy of the data. The provisions would apply to legal entities that control or process personal data of more than 100,000 consumers per calendar year or derive revenue from the sale of personal data and control or process the personal data of at least 25,000 consumers. The bill only permits attorney general or district attorney enforcement. SPSC is still working to amend the bill, and the latest redlines are attached.

Future proof your privacy program with WireWheel’s Trust Access and Consent Center and WireWheel’s Privacy Operations Manager.

Request Demo
Rick Buck is the WireWheel Chief Privacy Officer and acts as a Privacy Advisor to WireWheel clients, helping them with the implementation and optimization of their privacy programs. Over the past 20 years, Rick has…