Keypoint: This week lawmakers introduced new bills in Mississippi, Nebraska, and Pennsylvania, held hearings in Alaska and Washington, and scheduled hearings for the coming week in Alaska, Delaware, Indiana, Maryland, and Washington.

Below is our second weekly update on proposed state privacy laws. As with past updates, we track the status of proposed CCPA-like privacy legislation. In addition, starting this week we have expanded the update to track upcoming hearings, VCDPA amendments, biometric privacy bills, data broker bills, and other bills of note. We even added a table of contents! We hope you enjoy the additional content.

Before we get to our update, we wanted to provide two reminders.

First, we will be regularly updating our 2022 State Privacy Law Tracker to keep pace with the latest developments with CCPA-like bills. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter. Last week, we provided a mid-week update on a new VCDPA amendment.

Continue Reading Proposed State Privacy Law Update: Jan. 24, 2022

In the tenth episode of our Legislating Data Privacy podcast series, we talk with Maureen Mahoney, Senior Policy Analyst at Consumer Reports – a leading consumer privacy advocate. Maureen’s areas of focus include state data privacy, security, and data breach notification legislation; state right to repair legislation; and robocalls policy. Maureen is ubiquitous on emerging state privacy laws, having commented and testified on state privacy laws from coast to coast.

In this episode, Maureen discusses Consumer Reports’ role in the state privacy legislative process, her work on various state bills, and Consumer Reports’ model bill.

Click here to listen to the full interview.

Keypoint: 2022 is off to a fast start with proposed state privacy laws filed in Alaska, Florida, Indiana, Kentucky, New Jersey, Pennsylvania and Vermont, joining the long list of bills already filed.

Welcome back! This is our first weekly update on the status of proposed CCPA-like state privacy laws in 2022. Last year, we provided sixteen weekly updates, culminating with the passage of the Colorado Privacy Act. We will bring you the same coverage in 2022 with weekly updates in your inbox every Monday morning for subscribers. Before we get to our first update, we wanted to provide three reminders.

Continue Reading Proposed State Privacy Law Update: Jan. 18, 2022

Keypoint: Virginia lawmakers will consider multiple amendments to the Virginia Consumer Data Protection Act in advance of its January 1, 2023 effective date.

As the legislature opened on January 12, Virginia lawmakers proposed seven bills to amend the Virginia Consumer Data Protection Act (VCDPA). The bills come after the VCDPA Work Group held six meetings from June to August 2021 and issued a Final Report on November 1, 2021 (see our summary of the report here).

The bills seek to amend the VCDPA’s right to delete, nonprofit definition, and enforcement provisions. The Work Group’s Final Report identified many other topics for potential amendments. It remains to be seen whether other amendments will be offered as the legislative session advances. The Virginia legislature is scheduled to close on March 12, 2022 unless the session is extended.

Below is a summary of the bills.

Continue Reading Amendments Proposed to Virginia Consumer Data Protection Act

Update your bookmark, we just released our 2022 State Privacy Law Tracker!

With numerous states already considering CCPA-like privacy legislation (and more sure to follow), it is nearly impossible to keep track of all the proposed bills.

That’s why we created the 2022 State Privacy Law Tracker – an updated version of our widely used 2021 State Privacy Law Tracker.

The tracker identifies the states that are considering bills and contains helpful links to the bills and our blog posts analyzing them.

Bookmark the page and use it as a resource. Like last year, we will update it as more bills are filed. If you like it, share it on social media for others to find and use.

We also will be resuming our weekly updates shortly, so make sure you are subscribed to our blog to stay updated.

While we can’t predict what will happen this year (did anyone guess Virginia and Colorado last year?), we can at least try to make the journey a little bit easier.

Keypoint: Lawmakers introduced new bills in Florida, Washington, Indiana and the District of Columbia.

The list of jurisdictions considering consumer data privacy bills in 2022 continues to grow with lawmakers introducing new bills in Florida, Washington, Indiana, and the District of Columbia.

In Florida, Senator Jennifer Bradley filed the Florida Privacy Protection Act (SB 1864) on January 7, 2022. Senator Bradley sponsored SB 1734 last year. It is expected that Representative McFarland will introduce a bill in the Florida House in the coming days.

Continue Reading Four More Consumer Data Privacy Bills Introduced in US

Which States Will Consider CCPA-Like Consumer Privacy Bills in 2022?Keypoint: At least fifteen state legislatures are poised to consider CCPA-like consumer privacy legislation in 2022 with lawmakers in Arizona, Connecticut, Florida, Minnesota, Mississippi, and Washington confirming they will be introducing bills, a bill already being pre-filed in Maryland, and eight states with bills that will carry over from the 2021 session.

The continuing emergence of proposed state privacy laws will be a dominant story for privacy professionals in 2022.

In 2021, lawmakers in twenty-seven states proposed CCPA-like privacy legislation. We tracked these bills through our weekly updates, State Privacy Law Tracker, and Legislating Data Privacy podcast series.

This year, we contacted lawmakers who proposed bills in 2021 and asked them to share their plans for 2022. We received many responses, which we chronicle below along with updates on bills that we have been tracking over the summer and fall. Of particular note, Representatives Shelley Kloba (Washington), Steve Elkins (Minnesota), and Collin Walke (Oklahoma) provided extensive comments on their 2022 proposals.

Continue Reading Which States Will Consider CCPA-Like Consumer Privacy Bills in 2022?

Keypoint: As we break for the holidays, we wanted to wish you and your families happiness and health, and leave you with an attempt at some privacy holiday humor. We look forward to bringing you more privacy news and analysis in 2022.

A Privacy Christmas Story

‘Twas the night before Christmas as I toiled away,

Counting the minutes until Christmas day,

When all of a sudden from out of the blue,

I received a meeting invite from Santa that’s who,

You see Santa’s been watching as all over the globe,

Countries (except the US) have enacted privacy codes,

Santa, he said, would like to comply,

So he asked if I could give it a try,

[After clearing conflicts, receiving a retainer and entering into an engagement letter …..]

Continue Reading A Privacy Christmas Story

Keypoint: Advertising platform settles with the FTC over allegations that it collected location data without consent and collected information from child-directed apps without notice or parental consent in violation of the FTC Act and COPPA.

Online advertising exchange platform, OpenX Technologies, Inc., has been ordered to pay $2 million of a $7.5 million judgment to settle Federal Trade Commission allegations that it misrepresented its data collection, use, and disclosure practices as it concerns personal information collected from children and location information collected from consumers who had not granted or had denied requisite location permissions.

Continue Reading Behind the Scenes but Not Above the Law: Advertising Platform OpenX To Pay $2 Million FTC Settlement

Keypoint: The EDPB takes the position that geographical boundaries – and not GDPR’s jurisdictional reach – govern the restricted transfer determination.

On November 19, 2021, the European Data Protection Board (EDPB) published draft guidelines on the interplay between the application of GDPR Article 3 and its provisions on international transfers in Chapter V.

The draft guidelines answer the question of whether a transfer of personal data occurs when the data leaves GDPR’s jurisdictional scope or when it leaves the European Union’s geographic scope. The draft guidelines also provide three criteria and a number of illustrative examples to guide controllers and processors to identify restricted transfers.

Restricted transfers are of heightened focus in light of the Court of Justice of the European Union’s decision in Schrems II, the European Commission’s issuance of new standard contractual clauses, and the EDPB’s recommendations on supplementary measures for cross-border data transfers. The guidelines – once finalized – will provide entities with further guidance on how to navigate this complex legal issue.

The draft guidelines will be open to public comment until the end of January.

Below is a summary.

Continue Reading EDPB Issues Draft Guidelines on Interplay Between GDPR’s Jurisdictional Scope and Cross-Border Data Transfer Requirements