Connecticut privacy bill passes Senate

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

Connecticut Privacy Bill Passes Senate

Connecticut SB 6, which closely resembles the Colorado Privacy Act, was unanimously passed by the Senate after an amendment making changes to the applicability threshold and the age of children’s data (from 18 to 16) and removing authentication requirements for opt-out requests.

The bill can go straight to a House floor vote, since it has already passed out of a joint committee, and has been added to the House Calendar for consideration.

The Connecticut legislative session adjourns May 4. 

WHY IT MATTERS

If SB 6 passes, the Connecticut Act Concerning Personal Data Privacy and Online Monitoring would become effective July 1, 2023, the same day as the Colorado Privacy Act. 

Two Notable California Amendments Pass out of Committee

SB 1059 (requiring that businesses without a direct consumer relationship that “share” personal data with third parties register as data brokers) and  AB 2273 (creating an Age Appropriate Design Code for businesses offering goods, services or products likely to be accessed by children under 18) passed out of the Senate Judiciary Committee and Privacy and Consumer Protection Committee, respectively.

Both bills have been referred to the Committee on Appropriations.

WHY IT MATTERS

Both of these bills, if enacted would be impactful to the digital advertising industry.

SB 1059 would mean that businesses that receive personal data indirectly (without a direct consumer relationship) and share the data downstream to third parties for cross context behavioral advertising purposes would have to register as data brokers, even if the data isn’t sold for monetary or other consideration.

Interestingly, businesses registered as data brokers are currently exempt from the obligation to provide a notice at collection as long as such notices are included in their data broker registration, so this amendment could reduce the number of entities with an obligation to provide a privacy notice at the point of collection.

AB 2273 would, among other obligations, require businesses offering services likely to be accessed by children under 18 to establish the age of all users and refrain from collecting or using personal data from those under 18 unless necessary to provide the service. 

BBB Publishes TeenAge Privacy Program Roadmap

The Better Business Bureau’s Center for Industry Self-Regulation launched a TeenAge Privacy Program (TAPP) Roadmap to help companies collect and manage teenage data responsibly.

Among other recommendations, the program encourages businesses providing products or services appealing to teen audiences to establish the age of users and obtain opt-in consent before engaging in behavioral advertising to known teens, along with conspicuous disclosures that targeted ads may be shown and an explanation of tracking technologies.

WHY IT MATTERS

An impetus for the program was a study conducted by BBB National Programs finding that 82% of teen apps were ad supported compared to only 52% of general apps.

Based on a determination that identifying a “teen space” is much more complex than identifying child-directed content, the BBB determined that, rather than simply raising COPPA’s age, a more nuanced approach is necessary, including by ensuring businesses have the tools and support necessary to sustain responsible data collection.  

U.S. Chamber of Commerce Urges Scrutiny of FTC Nominee

In a letter to Senators Schumer and McConnell, the U.S. Chamber of Commerce urged obtaining clarification from FTC nominee Alvaro Bedoya regarding his positions on transparency, due process and agency authority before consideration of his nomination.

The letter expressed concern with the FTC’s “troubling conduct” under Chair Lena Kahn, including its consideration of bans on personalized advertising, among other initiatives, and stressed that, as the fifth member of the Commission, Bedoya’s vote would break potential deadlocks over changes in policy. 

WHY IT MATTERS

Alvaro’s nomination to the Federal Trade Commission has experienced several delays since President Biden initially announced the nomination in September 2021.

The FTC has functioned with only four commissioners since Rohit Chopra was confirmed as the Director of the Consumer Financial Protection Bureau in 2021, and attempts to continue without a tie-breaking vote have been strictly partisan. 

Cloture was filed earlier this month, though, to end debate and force a vote on the Senate floor.  

U.S. and 6 Other Economies Create Global Cross-Border Privacy Rules Forum

The United States, with Canada, Japan, the Republic of Korea, the Philippines, Singapore and Chinese Taipei, issued a declaration establishing a Global Cross Border Privacy Rules Forum to facilitate data protection and free flow of data, disseminate best practices for data protection, privacy and interoperability, and pursue interoperability with other data protection and privacy frameworks.

The Global CBPR Forum will meet at least biannually.

WHY IT MATTERS

The APEC Cross-Border Privacy Rules (CBPR) System is a government-backed data privacy certification that imposes and enforces certain personal data protections and practices on certified data controllers, and the Privacy Recognition for Processors (PRP) system is a similar system designed for organizations that process data on behalf of data controllers. According to the Forum FAQ, the Forum intends to establish an international certification system based on the APEC CBPR  and PRP systems, but the system will be independently administered and separate from the APEC Systems. 

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.