Week of September 20, 2021

Julie Rubash, Chief Privacy Counsel
September 27, 2021

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.


Senators pursue privacy from all angles

Lots of actions were taken at the U.S. Senate this week in pursuit of privacy legislation or regulation at the federal level.

Nine U.S. Senate Democrats sent a letter to the chair of the FTC urging rulemaking around the collection and use of personal data in the digital economy. Specifically, the letter asked for protections for the data of marginalized communities, prohibitions on targeting children and teens, opt-in consent rules and global opt-out standards. 

Senator Cantwell, Chair of the U.S. Senate Committee on Commerce, Science and Transportation, scheduled a hearing titled “Protecting Consumer Privacy” to examine how to better safeguard consumer privacy rights, including through the creation of a privacy bureau and comprehensive federal privacy legislation. 

Meanwhile, Senator Blumenthal reportedly expressed in a hearing of a subcommittee on tech companies, competition and privacy that he and Senator Moran have come very close to crafting a bipartisan privacy bill and that he’s “hopeful that we’ll continue to make progress”. 


Last week, developments with the FTC were at the top of our recap. This week’s actions by the Senate demonstrate the strong focus and effort from certain Senators on federal privacy, seeking all possible avenues to apply stronger data privacy protections in the United States.  


The California Privacy Protection Agency (CPPA), the agency tasked with rulemaking under the CPRA, released an Invitation for Preliminary Comments, seeking input on any area on which the Agency has the authority to adopt rules, but particularly on certain listed topics. These include processing that presents a significant risk to consumer privacy, automated decision-making, rights to delete, correct and know, and rights to opt out of selling and sharing and to limit use of sensitive information. Comments must be submitted by November 8.


This is our first insight into how the CPPA may be thinking about CPRA rulemaking. This general call for comments gives the digital advertising industry (among other industries) the opportunity to weigh in and educate the CPPA on solutions that would have the most practical and meaningful effect on consumers and businesses in the industry. 



UK Information Commissioner Elizabeth Denham published a blog summarizing her recent meeting with her G7 counterparts. According to Denham, the two-day meeting focused on specific uses of data, like AI and cookies; how privacy overlaps with competition and national security; and regulatory aspects like enforcement, deterrents and the impact of the pandemic. The G7 authorities reportedly committed to find better ways to secure informed and meaningful consent online, including examination of web browsers, software applications and device settings as potential vehicles for privacy preferences.


Although any regulatory change reflecting these meetings is likely years away (potentially after more significant industry changes, such as Google’s deprecation of the third-party cookie), it highlights the desire, at least from the current ICO Commissioner, to evolve consumer privacy in the digital space. The UK government announced plans in late August to replace Denham as Commissioner with John Edwards, the current Privacy Commissioner of New Zealand. 



Quebec passed Bill 64An Act to Modernize Legislative Provisions as Regards the Protection of Personal Information, which will come into force September 22, 2023. The Act requires the development of data governance processes, data management policies, technical solutions for transfer and de-indexing of data, and internal guidelines. It also requires specific, express consent in certain circumstances, such as for processing sensitive personal information like medical or biometric information.


Although the new Quebec law doesn’t introduce any requirements that we haven’t already seen in other privacy laws, it demonstrates a focus in Canada on reformed privacy and may set a precedent for legislation in other parts of Canada.

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Bicameral, bipartisan discussion draft of federal privacy bill announced

April 15, 2024

If passed, the American Privacy Rights Act, a comprehensive...

CPPA issues an enforcement advisory on data minimization

April 9, 2024

Their first "enforcement advisory", reminds companies of their data...

Kentucky sends comprehensive privacy bill to governor

April 1, 2024

Kentucky's privacy bill mirrors Virginia's, is set for 2026....

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]