Keypoint: Bill would add right to deletion to COPPA.
Senators introduced the “Clean Slate for Kids Online Act of 2021” in the United States Senate last week. The bill seeks to amend the Children’s Online Privacy Protection Act (“COPPA”).
The bill provides individuals with the right to delete personal information the operator collected from the individual as a child. The right to delete applies even in instances where parental consent was provided for the collection of the personal information.
Keypoint: Proposed bills would amend Nevada privacy legislation to provide consumers with a broader right to opt out of sales.
In 2019 – shortly after the CCPA was enacted – Nevada amended its online privacy notice statutes, NRS 603A.300-360, to provide consumers with the right to opt out of sales. However, contrary to the CCPA’s broad definition of “sale,” the Nevada law defines sale narrowly as “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.”
Keypoint: It was another busy week with bills introduced in Colorado, New York and West Virginia, a committee hearing in New Jersey on three bills, a public hearing in Washington on the Washington Privacy Act, the Oklahoma bill was referred to the Senate Judiciary committee, one Florida bill passed out of committee, and a hearing was set on the other Florida bill.
For the fourth week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three reminders.
First, there has been so much debate about what to call Virginia’s new privacy law – the Virginia Consumer Data Protection Act – that we started an online poll. Tell us whether you think the law should be called the CDPA or VCPDA. We will keep voting open until April 2 and release the results on our blog.
Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.
Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.
Keypoint: The Colorado bill mirrors the Virginia Consumer Data Protection Act and Washington Privacy Act but contains some notable differences.
On March 19, 2021, Colorado lawmakers introduced the Colorado Privacy Act (SB21-190).
The bill is similar to Virginia’s Consumer Data Protection Act (VCDPA) and the Washington Privacy Act (WPA) but contains notable differences, including with respect to the scope of its exemptions and the rights it would provide to Colorado residents.
Senator Rodriguez (Democrat) and Senator Lundeen (Republican and minority whip) sponsored the bill, signaling that it has bi-partisan support. The bill has been assigned to the Senate’s Business, Labor and Technology Committee, which Senator Rodriguez chairs.
According to the legislative calendar, the deadline for bills to pass out of the Senate is April 7, 2021, which means the bill will have to move quickly.
Below is a general overview of the bill as introduced.
Keypoint: There were four notable developments this week: the Florida House passed a bill out of committee, lawmakers proposed a new bill in Texas, the Washington Privacy Act was scheduled for a public hearing and committee session on March 17 and 19, respectively, and the Illinois Right to Know Act was scheduled for a March 19 hearing in the Cybersecurity, Data Analytics & IT Committee.
For the third week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three reminders.
First, we hosted a webinar on Virginia’s Consumer Data Protection Act on March 11. You can access the recording here.
Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.
Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.
Keypoint: It was a busy week for privacy law. Since the update we provided last week Virginia’s bill was signed into law, bills in Washington and Oklahoma advanced, and Utah’s bill failed to pass before its legislative session closed.
Last week, we provided an update on the status of proposed CCPA-like privacy legislation. In that article, we noted that the contents were “time-sensitive and subject to change.” Typical to privacy law, in just a week, the landscape of these proposed laws changed dramatically. Given these changes, we decided to publish another update and, like last week, waited until a weekend when state legislatures are quiet.
Before we get to our update, we wanted to provide three reminders.
First, we will be hosting a webinar on Virginia’s Consumer Data Protection Act on March 11. You can register for the webinar here. If you are unable to attend the webinar live, you can still register, and we will email a copy of the presentation and a link to the webinar recording to you.
Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.
Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.
Keypoint: CCPA-like privacy bills continue to be introduced and work their way through state legislatures.
Those who attended our recent webinar or who subscribe to this blog know that we have been closely tracking proposed CCPA-like legislation in state legislatures across the country. We also launched a 2021 State Privacy Law Tracker to keep pace with the latest developments.
Yet, even with these efforts, there still are numerous developments occurring on a near daily basis. Therefore, we decided to wait until a weekend (when state legislatures are quiet) to provide a summary of where these bills stand. Of course, the contents provided below are time-sensitive and subject to change.
Keypoint: Virginia moves closer to enacting consumer privacy legislation.
On January 29, 2021, the Virginia House of Delegates passed HB2307, the Virginia Consumer Data Protection Act (Act) in an 89 to 9 vote. The Act now sits with the Senate Committee on General Laws and Technology. A companion bill, SB 1392, already passed the Senate Committee on General Laws and Technology on January 27, 2021.
According to the Virginia General Assembly Session Calendar, Friday, February 5 is the deadline for each house to complete work on its own legislation, except for the budget bill. The Assembly will adjourn on February 11.
Below is a brief overview of the Act. In addition, on February 17, members of Husch Blackwell’s Data Privacy & Cybersecurity team will host a webinar to discuss all of the CCPA-like privacy bills proposed across the country. To register, click here.
Many thanks to Amy Miller, Senior Reporter, Privacy and Data Security at MLEX Market Insight for alerting us to this development.
On January 28, 2021, privacy professionals around the world will celebrate Data Privacy Day. This year, we decided to mark the occasion by gathering our team’s thoughts and expectations on what we expect to be the biggest privacy law stories in 2021 and beyond.
Last year we wrote a similar article, attempting to predict how the privacy landscape would unfold in 2020. We got some things right (e.g., the emergence of CCPA 2.0). But, let’s be honest, in March everything changed, including privacy law. As spring turned into summer our writing focused on the privacy law implications of COVID-19, including contact tracing, no contact temperature taking, and the unanticipated collection of heath information, among other unexpected topics. We also took note of developments overseas, including the Court of Justice of the European Union’s Schrems II decision and the emergence of Brazil’s federal privacy law, LGPD.
If there was one takeaway from 2020 from a privacy law perspective it was this – while it is impossible to predict its path, privacy law is rapidly growing and evolving, almost on a daily basis, and in nearly every corner of the world. With that, we turn to our 2021 predictions.
Keypoint: Although the CPRA will not become fully operative until January 1, 2023, the provisions creating the California Privacy Protection Agency and extending the business-to-business and employee exemptions are now operative.
On December 11, 2020, California Secretary of State Alex Padilla certified the results of the November General Election. As a result, the California Privacy Rights Act (CPRA) became effective today, pursuant to Section 31 of Proposition 24 and Article II, Section 10(a) of the California Constitution. Notwithstanding the CPRA’s effective date, the majority of its provisions will not become operative until January 1, 2023. Nonetheless, certain notable provisions are now fully operative: