A lot has happened in privacy law in 2022 . . . which is actually nothing new because so much happens every year. I have thought about which 5 developments are the most notable, and here’s my list.
Have a moment? I’m running a short survey to see what other privacy professionals think.
5. ADPPA. The American Data Privacy and Protection Act (ADPPA) was introduced in the House of Representatives on June 21, 2022. It has gone further than most attempts at a comprehensive privacy law. My sense now is that the passage of the ADPPA is a longshot, hung up on the fact that it preempts state privacy laws, a difficult hurdle because California is so committed to regulating in this area.
My Writings and Resources on ADPPA:
- Webinar on ADPPA – Bill for a Federal Comprehensive Privacy Law
- A Faustian Bargain: Is Preemption Too High a Price for a Federal Privacy Law?
- Further Thoughts on ADPPA, the Federal Comprehensive Privacy Bill
4.
Had I cheated and lumped state law developments together, I would have included the consumer privacy laws of Connecticut and Utah, the first jury trial verdict under the Illinois Biometric Information Privacy Act (BIPA) for $228 million, and Colorado’s draft Privacy Act regulations, and the first enforcement action under the CCPA. Plus the CPRA changes to the CCPA go into effect on January 1, 2023, and employee data will be covered. But I’ll save that one for next year!
Check out my updated CCPA Training Courses
3. EU Digital Services Act. In July 2022, the EU Parliament approved the Digital Services Act. This is a bold law that imposes many duties on large online platforms and search engines. The Digital Services Act includes requirements for mitigating risks such as disinformation and online harassment; bans targeted ads by profiling children or based on sensitive data; andrequires independent auditing.
1. Dobbs. In Dobbs v. Jackson Women’s Health Organization (U.S. 2022), the U.S. Supreme Court eliminated the right to abortion. Although not about information privacy, the Dobbs case has profound effects for information privacy. As Professor Elizabeth Joh aptly writes: “Dobbs has been called a turning back the clock for abortion rights and women’s rights. But that is not quite accurate. The Court has decided Dobbs at a time when unprecedented amounts of digital data about us now exist thanks to an enormous surveillance infrastructure.”
Honorable Mention: FTC Commercial Surveillance and Data Security Rulemaking (because the process has just begun). On August 11, 2022, the FTC began a rulemaking under the onerous procedures of the Magnuson-Moss Warranty Act. The FTC is focusing on secret commercial surveillance practices, the use of algorithms and automated systems to analyze data, discrimination, and dark patterns, among other things. This is a bold move for the FTC, and the Magnusson-Moss process presents a mountain to climb. If the FTC can pull this off, it will be quite an achievement.
Daniel J. Solove is John Marshall Harlan Research Professor of Law at George Washington University Law School. He is the founder of TeachPrivacy, a company that provides computer-based privacy and data security training. His most recent book is Breached! Why Data Security Law Fails and How to Improve It, published by Oxford University Press 2022.
NEWSLETTER: Subscribe to Professor Solove’s free newsletter
TWITTER: Follow Professor Solove on Twitter.