September 2021

What U.S. Companies Need to Know about China’s New Privacy LawKeypoint: China’s Personal Information Protection Law is a complicated regulatory regime that will require U.S. entities subject to its requirements to undertake substantial compliance efforts.

Effective November 1, 2021, China will become the latest country to enact a national data privacy law akin to Europe’s General Data Protection Regulation (GDPR). The new law – entitled the Personal Information Protection Law of the People’s Republic of China or “PIPL” – will require foreign companies, including U.S. companies, operating in China (and in some cases, operating purely outside of China) to undertake new compliance efforts.

To facilitate that process, below is a general discussion of PIPL and some of its more notable provisions. For reference, PIPL has been translated into English by DigiChina, which has a wealth of resources available on its website for those interested in further reading on this new law.

CPRA Regulations: California Privacy Protection Agency Commences Preliminary Rulemaking ProcessKeypoint: The California Privacy Protection Agency initiates preliminary rulemaking activities under the California Privacy Rights Act.

On Wednesday, September 22, 2021, the California Privacy Protection Agency (Agency) issued an Invitation for Preliminary Comments on Proposed Rulemaking Under the California Privacy Rights Act of 2020.

California voters approved the California Privacy Rights Act (CPRA) in November 2020. The CPRA, which goes into effect on January 1, 2023, significantly revises the California Consumer Privacy Act (CCPA).

In the seventh episode of our Legislating Data Privacy series, we talk with Connecticut Senator James Maroney.

Senator Maroney is the author of Senate Bill No. 893, which would have granted Connecticut residents various privacy rights regarding their personal data.

In this episode, Senator Maroney discusses the fascinating path of S.B. 893 during the

Oklahoma Privacy BillKeypoint: The 2022 legislative session of proposed state consumer privacy legislation kicks off with the filing of a new bill in Oklahoma.

On September 9, 2021, Rep. Collin Walke (D) and Majority Leader Rep. Josh West (R) filed the Oklahoma Computer Data Privacy Act of 2022. The Oklahoma legislature is not scheduled to convene until February 7, 2022, such that there is ample time for policymakers and lobbyists to study the bill. We spoke with Representative Walke earlier this year about his goal of passing a privacy law in 2022.

In an accompanying press release, Representative Walke stated: “The National Security Commission on Artificial Intelligence explained that America is ill-prepared for the next decade of technological development, and part of that is due to a lack of governmental action in regulating things like data privacy. It is time that we heed the advice of security experts like the National Security Commission and pass meaningful data privacy legislation. We must be part of the solution and not the problem.”

In 2021, the Oklahoma House passed another privacy bill but it did not make it out of the Senate Judiciary Committee. According to Rep. Walke, the 2021 version will still be alive when the 2022 legislative session convenes such that Oklahoma lawmakers will have two bills to consider.

Below is an overview of the 2022 bill (as introduced).

In addition, members of Husch Blackwell’s privacy and data security practice will be hosting a webinar on September 28 to discuss developments in U.S. privacy law, including the 2022 Oklahoma bill. Click here to register.