Privacy Law Update: September 12, 2022
The U.S. Federal Trade Commission said it would follow the letter of the law when it announced its Advance Notice of Proposed Rulemaking concerning commercial surveillance and lax data security in August, which meant a robust stakeholder consultation to come. That process began in earnest with an exchange of perspectives from relevant parties at the FTC’s virtual public forum Sept. 8.
Liz Truss has succeeded Boris Johnson as the U.K.’s next prime minister. Truss previously served as Trade and as Foreign Affairs Minister in Johnson’s government. Truss has appointed Michelle Donelan as Secretary of State for Digital, Culture, Media and Sport. In this role, Donelan and her ministerial team will oversee U.K. data protection reform initiated by DCMS a year ago. However, its fate is uncertain at the moment as further discussions were postponed.
The Information Commissioner’s Office (ICO) has published draft guidance on privacy-enhancing technologies (PETs) to help organizations unlock the potential of data by putting a data protection by design approach into practice. PETs are technologies that can help organizations share and use people’s data responsibly, lawfully, and securely, including by minimizing the amount of data used and by encrypting or anonymising personal information. They are already used by financial organizations when investigating money laundering, for example, and by the healthcare sector to provide better health outcomes and services to the public.
On Aug. 31, hopes were dashed when the California legislative session ended without enacting Assembly Bill 1102. The bill would have extended grace periods for certain business-to-business and human resources personal information under the California Consumer Privacy Act as amended by the California Privacy Rights Act. CCPA/CPRA will become fully operational on Jan. 1, 2023, for B2B and HR personal information and will be subject to the same rigorous California privacy regulations as “consumer” personal information.