Hello and happy holidays!
The holiday season is upon us and the end of the year is fast approaching. That means it’s one of my last opportunities to harp on the importance of becoming compliant with the new state privacy laws coming online in 2023.
Specifically, two laws come into effect on January 1, 2023:
- California’s CPRA
- Virginia’s VCDPA
If your business is subject to those laws, you’ll want to start working toward compliance as soon as possible, because two more laws come into effect midway through 2023. Coming into effect on July 1, 2023, we have:
- Connecticut’s CTDPA
- Colorado’s CPA
And finally, to cap the year off, Utah’s UCPA comes into effect on December 31, 2023.
Although the year is ending, it will still be valuable to review our countdown series, in which we discussed which elements of compliance businesses should tackle and when—even if you’re just getting started. As they say, the best time to plant a tree was 20 years ago; the second best time is now.
- 6-month countdown to 2023’s state privacy laws
- 3-month countdown to 2023’s state privacy laws
- 1-month countdown to 2023’s state privacy laws
Musk Twitter Leak Raises Concern About Outside Data Access
After handing over a series of internal Twitter documents to a select group of writers, other journalists are concerned that Elon Musk may have exposed Twitter users’ personally identifiable information.
Musk’s Twitter disbands its Trust and Safety advisory group
Elon Musk’s Twitter has dissolved its Trust and Safety Council, an advisory group of around 100 independent civil, human rights, and other organizations that were tasked with addressing hate speech, child exploitation, suicide, self-harm, and other problematic content on the platform. The dissolution may spell bad news for Twitter’s ability to comply with the EU’s new content moderation law, the Digital Services Act.
EU confirms draft decision on replacement US data transfer pact
Recently, the European Commission announced a draft decision on U.S. adequacy, bringing both countries one step closer to a replacement data privacy framework to be adopted in 2023. Ever since the Schrems II court decision invalidated the Privacy Shield—the previous EU-U.S. data transfer framework—data transfers between the two countries have been on uncertain legal grounds.
CPRA rulemaking meeting coming December 16
On December 16th at 9:00 a.m. pacific time, the California Privacy Protection Agency (CPPA) will hold a meeting touching on multiple subjects, including the agency’s participation in the California Children’s Data Protection Working Group, the CPPA budget and legislative policy updates, and most notably, the next steps regarding the CPRA rulemaking process.
EU court: Google must delete inaccurate search info if asked
If a search result about a given EU citizen can be proven to be inaccurate, Google must delete that search result, said a European top court. The decision is based on the GDPR’s “right to be forgotten.”
AG Data Breach Report: Data breaches remain at historic highs in 2022
Washington state’s Attorney General Bob Ferguson’s office reported that 4.5 million notices were sent to Washingtonians impacted by data breaches in 2022. Included in the report were policy suggestions around how to implement more robust data privacy regulations in Washington state.
Multiple Attorneys General Encourages the Federal Trade Commission to Take Concrete Steps to Protect Americans’ Privacy
Led by Massachusetts’s Attorney General Maura Healey, the Attorneys General of over 30 states sent a bipartisan comment letter to the Federal Trade Commission (FTC) urging action on a variety of data privacy subjects, including consumers’ medical data, biometric data, and location data, along with the dangers that arise from data brokers and the surveillance of consumers. The letter was issued in response to an FTC Advanced Notice of Proposed Rulemaking on the topic of commercial surveillance and data security.
Google Defeats One Suit Over Chrome Data Privacy Practices
Google successfully defended itself in a privacy lawsuit of consumers who alleged the company continued to track their data even after they opted out. “Google adequately disclosed, and plaintiffs consented to, the collection of the at-issue data,” wrote U.S. District Judge Yvonne Gonzalez Rogers wrote in dismissing the suit.
Osano blog: 1-month countdown to 2023’s state privacy laws
The last installment in our countdown series is here! The Osano team has been producing blog posts that describe what activities businesses should carry out and when in order to enter 2023 prepared for the slew of new data privacy laws coming online in that year. In this edition, we describe the last set of steps that a business needs to take in order to have a strong foundation for compliance in the new year.
Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.