Week of September 20, 2021

–

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

Senators pursue privacy from all angles

Lots of actions were taken at the U.S. Senate this week in pursuit of privacy legislation or regulation at the federal level.

Nine U.S. Senate Democrats sent a letter to the chair of the FTC urging rulemaking around the collection and use of personal data in the digital economy. Specifically, the letter asked for protections for the data of marginalized communities, prohibitions on targeting children and teens, opt-in consent rules and global opt-out standards. 

Senator Cantwell, Chair of the U.S. Senate Committee on Commerce, Science and Transportation, scheduled a hearing titled “Protecting Consumer Privacy” to examine how to better safeguard consumer privacy rights, including through the creation of a privacy bureau and comprehensive federal privacy legislation. 

Meanwhile, Senator Blumenthal reportedly expressed in a hearing of a subcommittee on tech companies, competition and privacy that he and Senator Moran have come very close to crafting a bipartisan privacy bill and that he’s “hopeful that we’ll continue to make progress”. 

WHY IT MATTERS

Last week, developments with the FTC were at the top of our recap. This week’s actions by the Senate demonstrate the strong focus and effort from certain Senators on federal privacy, seeking all possible avenues to apply stronger data privacy protections in the United States.  

CPPA STARTS INFORMATION-GATHERING PROCESS FOR CPRA RULES

The California Privacy Protection Agency (CPPA), the agency tasked with rulemaking under the CPRA, released an Invitation for Preliminary Comments, seeking input on any area on which the Agency has the authority to adopt rules, but particularly on certain listed topics. These include processing that presents a significant risk to consumer privacy, automated decision-making, rights to delete, correct and know, and rights to opt out of selling and sharing and to limit use of sensitive information. Comments must be submitted by November 8.

WHY IT MATTERS

This is our first insight into how the CPPA may be thinking about CPRA rulemaking. This general call for comments gives the digital advertising industry (among other industries) the opportunity to weigh in and educate the CPPA on solutions that would have the most practical and meaningful effect on consumers and businesses in the industry. 

EUROPE

UK INFoRMATION COMMISSIONER REPORTS BACK FROM G7 MEETING

UK Information Commissioner Elizabeth Denham published a blog summarizing her recent meeting with her G7 counterparts. According to Denham, the two-day meeting focused on specific uses of data, like AI and cookies; how privacy overlaps with competition and national security; and regulatory aspects like enforcement, deterrents and the impact of the pandemic. The G7 authorities reportedly committed to find better ways to secure informed and meaningful consent online, including examination of web browsers, software applications and device settings as potential vehicles for privacy preferences.

OUR TAKE

Although any regulatory change reflecting these meetings is likely years away (potentially after more significant industry changes, such as Google’s deprecation of the third-party cookie), it highlights the desire, at least from the current ICO Commissioner, to evolve consumer privacy in the digital space. The UK government announced plans in late August to replace Denham as Commissioner with John Edwards, the current Privacy Commissioner of New Zealand. 

GLOBAL

QUEBEC ENACTS PRiVACY LEGISLATION

Quebec passed Bill 64, An Act to Modernize Legislative Provisions as Regards the Protection of Personal Information, which will come into force September 22, 2023. The Act requires the development of data governance processes, data management policies, technical solutions for transfer and de-indexing of data, and internal guidelines. It also requires specific, express consent in certain circumstances, such as for processing sensitive personal information like medical or biometric information.

WHY IT MATTERS

Although the new Quebec law doesn’t introduce any requirements that we haven’t already seen in other privacy laws, it demonstrates a focus in Canada on reformed privacy and may set a precedent for legislation in other parts of Canada.

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.