It’s a new year in privacy, and as usual, there are many things to watch. Here are 5 burning questions:
5. What will be the impact of the U.S. state privacy laws taking effect? The consumer privacy laws of California, Colorado, Connecticut, Utah, and Virginia all take effect this year. Regulations are in process for several laws, including CA and CO.
Enforcement of the CCPA by the new California Privacy Protection Agency (CPPA) will commence this year. And the CCPA now applies to employee data. Exciting times!
4. Will there be new U.S. state privacy laws? There were a number of bills in the states in 2022, but I think that the states took a pause because of the federal privacy bill, the American Data Privacy and Protection Act (ADPPA). Now that the ADPPA has fizzed out, the states might resume their onward march.
New bills have been introduced in New York, Kentucky, and Tennessee. More will likely follow.
3. Will India finally pass a data privacy law? Maybe. Every year is purportedly the year. And this has happened year after year. I feel like Charlie Brown with the football on this one.
2. What will happen in the EU? Last year, a new agreement was reached to patch cross-border data transfer after Schrems II: Schrems Strikes Back. This new arrangement, the Transatlantic Data Transfer Framework, makes changes in the U.S. surveillance regime via executive order, and it revives the EU-US Privacy Shield. It is currently under review by the European Commission. Once finalized, it will surely be challenged by Schrems, and we’ll see what the European Court of Justice thinks in Schrems III: The Return of Schrems.
In 2022, the UK said it would ditch its GDPR after enacting it a few years prior in an almost verbatim version to the EU’s GDPR. Noise about this seems to have quieted down given all the government upheaval. Maybe the UK has bigger fish to fry. Or, maybe we’ll see something this year.