California Remains a Privacy Bellwether
Hello all, and happy Thursday!Read Now
March 2, 2023
Hello all, and happy March! Our friends in the northern hemisphere have just a few weeks left before spring officially starts.
There’s some exciting news in the data privacy world this week—legislators are breathing new life into the American Data Privacy Protection Act (ADPPA).
The ADPPA was first introduced June 21, 2022. Since then, it’s made more progress and enjoyed more bipartisan support than any other federal data privacy proposal to date. It ended 2022 having successfully made it out of the House Committee on Energy and Commerce, but was never brought up for a House floor vote.
This week, the House Committee on Energy and Commerce's new Subcommittee on Innovation, Data and Commerce held a hearing on data privacy, where legislators essentially affirmed that the ADPPA would continue to be advanced and would have no competitors.
With the new Congress, the ADPPA has to restart the legislative process all over again, but it still has the bulk of supporters in both parties, making it likely that it will at least get out of committee and put up for a House floor vote again.
The law still has its challenges. Although the Committee carved out an exception to ensure that individual Californians could sue under the law (as is the case with the CPRA), Californian representatives are still unhappy that the ADPPA would preempt their arguably stronger data privacy law. And the political landscape in Congress has changed since 2022, so who knows whether the law will continue to enjoy bipartisan support.
That’s why individual states are continuing to advance their own privacy laws, even with the ADPPA making its way through Congress. Could there be yet another state privacy law on the books by the end of 2023? Could there be a federal law? We’ll keep you posted on all the developments in Privacy Insider.
Post-rulemaking CPRA regulations: 8 new obligations you need to know
On February 14, the CPPA, California’s new privacy regulatory agency, filed the first part of its proposed final CPRA regulations with California’s Office of Administrative Law (OAL). These regulations have implications for businesses’ obligations under the CPRA beyond what’s described in the base law. Lexology describes 8 new potential obligations.
U.S. House lawmakers keep federal privacy legislation top of mind
During the House Committee on Energy and Commerce's latest hearing, lawmakers reconfirmed their commitment to advancing the American Data Privacy Protection Act (ADPPA). The ADPPA successfully passed out of committee last year but was never brought up for a House floor vote. The law will have to be reintroduced in 2023, but lawmakers signaled in the recent hearing they would once again support the bill, breathing new life into the ADPPA’s prospects.
Canada’s Privacy Commissioners launch joint investigation into TikTok
Following class action lawsuits in the United States and Canada as well as reports related to TikTok’s collection, use and disclosure of personal information, Canada’s privacy protection authorities have launched an investigation into TikTok for its compliance with the country’s data privacy law, Personal Information Protection and Electronic Documents Act (PIPEDA).
A look at what's in China's new SCCs
Chinese authorities have released the long-anticipated standard contractual clauses (SCCs) that allow for compliant international data transfers under the Personal Information Protection Law (PIPL). The International Association of Privacy Professionals (IAPP) breaks down the key elements of the new SCCs.
More states consider data privacy laws
Lawmakers in Massachusetts, Illinois, Indiana, and more are introducing or have introduced data privacy laws while they wait for federal action on data privacy. D.C.-based nonprofit Electronic Privacy Information Center (EPIC) has been at the center of these efforts to introduce more state data privacy laws.
Governor Newsom, Attorney General Bonta and CPPA file letter opposing Federal privacy preemption
Recently, Governor Gavin Newsom, Attorney General Rob Bonta, and the California Privacy Protection Agency (CPPA) sent a joint letter to Congress opposing preemption language in the ADPPA. The letter comes just as House committee members redouble their efforts to advance the federal data privacy legislation.
Introducing Osano automated DSAR summaries and deletion
The Osano data privacy platform has new automated capabilities for subject rights management! Now, Osano can automatically summarize and/or delete data in connected SaaS applications when a request comes in. Check out our product update to learn all about the new features so you can process DSARs faster and with more confidence.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.