Skip to content

Menu

ChannelsPublishersSubscribe
LexBlog, Inc. logo
LexBlog, Inc. logo
ProductsSub-MenuBlogsPortalsTwentySyndicationMicrositesResource Center
Join
Search
Close
Join the Movement. Blog 4 Good

2020 Brings Times of Change: Key Privacy Law Updates This Year

By Elizabeth M. Boone & Erin Jane Illman on November 10, 2020
EmailTweetLikeLinkedIn

2020 Brings Times of Change: Key Privacy Law Updates This YearThe privacy law landscape is constantly changing, and it can feel like a daunting task for businesses to keep up with the laws of 50 states in the U.S. plus any international laws that also may be applicable. 2020 seems to be a banner year for change on many fronts. COVID-19 and the 2020 elections have caused profound changes this year, but for those who are affected by changing privacy laws, this has been a remarkable year of change as well.

For example, the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020; the final regulations under CCPA were approved by the California Office of Administrative Law in August of 2020; and shortly thereafter, the November elections brought additional change with the passage of the California Privacy Rights Act (CPRA). CPRA does not go into effect until January 1, 2023, however, it does have a one-year lookback, which means that companies will need to be largely in compliance by January 1, 2022. Additionally, anyone who has implemented CCPA or GDPR, will attest to how quickly two years can fly by when attempting to understand the multitude of changes imposed by a comprehensive privacy law like CPRA. The culmination of new requirements and broad scope of CPRA will need to be understood and implemented into privacy policies and procedures going forward in an effort to ensure compliance on January 1, 2023.

However, the CCPA/CPRA changes are only one example of the consumer data privacy legislation changes this year. According to the National Conference of State Legislatures, in 2020, bills relating to consumer data privacy legislation were considered in at least 30 states and in Puerto Rico (see NCSL 2020 Consumer Data Privacy Legislation). Though most of these bills were not passed, the fact that these bills were considered is an indicator of the interest in protection of consumer data and seems to foreshadow an increase in privacy regulation in the future.

From an international perspective, 2020 also brought the invalidation of the EU – U.S. Privacy Shield framework by Schrems II, which caused many businesses to have to rethink their approach to transfers of personal data between the European Union or United Kingdom and the U.S. (see Schrems II, Part 2 – Additional Guidance for the Transfer of Personal Data Between the EU and U.S.). Schrems II did not invalidate the use of Standard Contractual Clauses (SCCs) for transfer of data but it did call into question whether the SCCs are adequate to address the risks associated with data transfers to a non-EU country. The data exporter may need to apply supplementary measures, in addition to SCCs, if needed to protect the personal data when transferred. Supplemental measures can include encryption, anonymization, and pseudonymization, as well as other tools. Schrems II requires that businesses analyze the protections currently in place for data transfers between the EU or the UK and the U.S. to ensure compliance.

Awareness of these changes and implementing privacy policies and practices that protect your business are key during these changing times. Continue to rely on Bradley to keep you up to date on privacy rights and obligations.

Photo of Elizabeth M. Boone Elizabeth M. Boone

Elizabeth Boone

Elizabeth advises clients on business transactions and compliance matters domestically and internationally, including contract negotiation, establishment and maintenance of legal entities, establishment of terms and conditions for the sale of goods, privacy compliance matters, employment matters and real estate transactions. She…

Elizabeth Boone

Elizabeth advises clients on business transactions and compliance matters domestically and internationally, including contract negotiation, establishment and maintenance of legal entities, establishment of terms and conditions for the sale of goods, privacy compliance matters, employment matters and real estate transactions. She regularly assists clients with ensuring compliance with GDPR, EU ePrivacy Directive (cookie law), CCPA, and other state-specific privacy laws.

Read more about Elizabeth M. BooneEmail Elizabeth's Linkedin Profile
Show more Show less
Photo of Erin Jane Illman Erin Jane Illman

Recognized as a Board Certified Specialist in Privacy and Data Security Law by the State of North Carolina, Erin Illman is an experienced thought leader in privacy, security, and the integration of technology into business practices. Erin is co-chair of Bradley’s Cybersecurity and…

Recognized as a Board Certified Specialist in Privacy and Data Security Law by the State of North Carolina, Erin Illman is an experienced thought leader in privacy, security, and the integration of technology into business practices. Erin is co-chair of Bradley’s Cybersecurity and Privacy Practice Group and leads the Firm’s Fintech team. After practicing in Silicon Valley and the San Francisco Bay Area for over a decade, Erin uses her deep experience with California state regulations to help clients navigate privacy and security concerns, consumer protection laws, as well other challenging legal matters that arise in the privacy space. She regularly advises clients on CCPA, GLBA, GDPR, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws.

Read more about Erin Jane IllmanEmail Erin Jane's Linkedin Profile
Show more Show less
  • Posted in:
    Privacy & Data Security
  • Blog:
    Online & On Point
  • Organization:
    Bradley Arant Boult Cummings LLP
  • Article: View Original Source

Stay Connected

Facebook LinkedIn Twitter RSS
Real Lawyers

Company

  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service

Products

  • Products
  • Blogs
  • Portals
  • Twenty
  • Syndication
  • Microsites

Support

  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • Minding Your Business
  • In Search of Great Customer Experiences
  • Not For Profit/Exempt Organizations Blog
  • Tax Controversy & Financial Crimes Report
  • Roberts Disability Law Blog
Copyright © 2021, LexBlog, Inc. All Rights Reserved.
Powered By LexBlog