Privacy Law Update: July 26, 2021
We spoke with the CEOs of companies that participated in the recent AWS Startup Showcase: Innovations With CloudData and CloudOps to find out what drives them and learn about their visions for the future. This is the sixth feature in our CEO Startup Spotlight series. WireWheel Inc. Chief Executive Officer and co-founder Justin Antonipillai was working for the Obama Administration when he began to see that data privacy was becoming a very big deal. As Acting Under Secretary for Economic Affairs, he played a key role in several of the department’s top priorities, including co-leading the United States’ negotiating team in reaching agreement on the E.U.-U.S. Privacy Shield with the European Commission and on the issues of privacy, cybersecurity and encryption, as well as a number of other digital economic initiatives.
Those wondering how California Consumer Privacy Act enforcement went after the law’s first year in effect got that answer and plenty more July 19. California Attorney General Rob Bonta held a press conference to tout the effectiveness of the CCPA, particularly its cure notices, while unveiling a new Consumer Privacy Tool for individuals to report instances of missing or unclear “Do Not Sell My Personal Information” buttons on companies’ websites.
Last week, President Biden signed an Executive Order on “Promoting Competition in the American Economy” (“the Order” or “the EO”), published together with an explanatory Fact Sheet. The Order outlines a sweeping agenda for a “whole of government” approach to enforcement of antitrust laws in nearly every sector of the economy. Although there is a focus on particular markets, such as agriculture and healthcare, the Order includes a number of provisions with clear implications for data protection and privacy.
Pending Privacy Legislation
- Ohio HB376: Ohio House Bill 376 was officially introduced. It was previously sitting for a while in draft form. It’s looking like the first hearing on this bill may not take place until Labor Day, at the earliest.
- The Bill: This omnibus privacy bill would apply to organizations that either: Have annual gross revenues generated in the state that exceed $25 million; Control or process personal data of 100,000 or more consumers in the state during a calendar year or derive over 50 percent of its gross revenue from the sale of personal data and processes or controls personal data of 25,000 or more consumers in the state during a calendar year. Consumers would be granted rights for: Access; Deletion; and An opt-out right for the sale of personal data. The bill does not provide for a private right of action and includes a 30-day cure period.
- IAPP Privacy Law Tracker