•  

Privacy Insider newsletter: March 30, 2021

  • by Angelique Carson
  • last updated March 30, 2021
  • 3 min read
Privacy Insider newsletter: March 30, 2021

Welcome to Privacy Insider newsletter, a round-up of the week's most important privacy news.

If you're following U.S. states' race to pass privacy laws, there's been movement on three bills that are worth your attention. 

In Washington state, the House Committee on Civil Rights & Judiciary passed the Washington Privacy Act (WPA). The bill, which includes a private right of action as a consumer remedy, will be passed on to the appropriation committee. This is significant because it was a private right of action that killed the WPA in its last push for passage. But, as David Stauss writes for JDSupra, this private right of action is more narrow than the previous, increasing the bill's chances for survival.

Washington is keen to get a privacy law on the books (finally) after two failed attempts and a process that began in 2019. Many expected the state to be the next to pass a privacy law after California -- until Virginia swooped in and passed its own. 

Second: Oklahoma's House of Representatives passed the  Oklahoma Computer Data Privacy Act on March 4. The bill looks a lot like California's Consumer Privacy Act (CCPA), but unlike the CCPA, it would require consumers' opt-in consent before businesses could collect, use or sell their personal information. However, the bill does not allow consumers to pursue a private right of action in its current form. Obviously, industry hates the opt-in consent provisions and loves that the legislation doesn't allow for private lawsuits. And for privacy advocates, the reverse is true. 

Lastly, pay attention to Colorado. On March 19, lawmakers introduced the Colorado Privacy Act. The bill would allow consumers to opt-out of businesses' processing of their personal data, unlike Oklahoma's opt-in model. It also includes rights on data access, correction and deletion. 

Try Osano Free!

Enjoy reading, and I'll see you next week!


  1. EU Commission reaches draft agreement with South Korea on data flows

    The European Commission says it has reached a draft agreement with South Korea on the free flow of data between the two countries, Reuters reports. The agreement, which must now be approved by European Parliament and the European Data Protection Board, follows four years of negotiations. "The European Commission will now proceed with launching the decision-making procedure with a view to having the adequacy decision adopted as soon as possible in the coming months," said a spokesperson for the commission.
    Read Story

  2. EU Commission vice president: We’ll intervene if DPAs can’t get along

    Following criticism about the length of time it’s taking the Irish data protection commissioner to resolve investigations of big tech companies like Facebook and Apple, one EU commissioner said the “public squabbles” have to stop. European Commission Vice President Vera Jourova said if data protection authorities can’t “focus on the issues and improve their cooperation,” the EU would “have to consider an intervention probably in the direction of a more centralized model.”
    Read Story

  3. Industry pushes for ‘vaccine passports,’ but what about privacy risks?

    While the tourism and entertainment industries push for  a COVID-19 “vaccine passport” to allow those vaccinated to travel more freely, the sensitive health data it would involve is raising privacy concerns, CNBC reports. Singapore Airlines is piloting a “travel pass” the International Air Transport Association launched that incorporates blockchain as a safeguard. The data is stored on a person’s cell phone and not in a centralized database. The EU Commission says its own proposed plan would involve “essential information” only.
    Read Story

    Curious about privacy? Find out how Osano automates compliance & saves you time! Learn more

  4. Need to data map? Here’s how to get started

    Data mapping sounds kind of dreadful, doesn’t it? Overwhelming at least. When you imagine the trails of data stretching for virtual miles at even small companies, mapping where it all leads can feel like an arduous task. And to be honest, it is. This how-to guide aims to inform you of the process, who to involve and what to expect.
    Read Story

  5. Advertisers scrambling for personal data in response to third-party cookie phase-out

    When Google announced it would phase-out third-party cookies, it looked like a win for the privacy advocates who’ve been calling the tracking technology a privacy invasion for years. But in response, advertisers and other organizations are finding ways to create what they say is technically “first-party data,” to fuel the ad tech supply chain, Digiday reports. In addition, because the end of third-party cookies is near, there’s been a big push to collect as much first-party data as possible to compensate for the impending loss. 
    Read Story

  6. UK rethinks COVID-19 contract with Palantir 

    The U.K. government has paused an agreement with data-mining company Palantir after first signing an emergency contract with the firm in December 2020 to help fight COVID-19. Civil liberties organization OpenDemocracy filed legal proceedings against the two-year contract, which would have given Palantir access to the NHS COVID-19 database. The NHS has now agreed to conduct a data protection impact assessment ahead of any new contract, ComputerWeekly reports.
    Read Story

About The Author · Angelique Carson

Angelique Carson is a professional writer and editor who's worked in journalism and publishing for more than 10 years. She is currently Director of Content at Osano, a B-corp privacy-solution platform aiming to make compliance with global privacy laws easy for companies, including small- and medium-sized businesses. She was previously an editor at the International Association of Privacy Professionals and the host of The Privacy Advisor Podcast. She lives in Washington, D.C. with her puppy Miles.