Privacy is an area of law that is ever-changing. The era of behavioral marketing a decade ago allowed companies to collect and analyze a sheer volume of customer information. From there, the Snowden leak spurred massive changes to European data law with many jurisdictions around the world following suit – including California. Today, California companies are facing significant challenges in complying with local and global privacy laws.
With all the recent developments in privacy, what should companies do today to comply with current laws and those we expect in the future?
Some of The More Significant Developments in Privacy in 2020
- Californians voted to replace the California Consumer Privacy Act, or CCPA, with the new and expanded California Privacy Rights Act (CPRA).
- There will be an increase in the number of privacy-minded individuals under the new administration.
- The Federal Trade Commission announced a settlement with Zoom recently asking them to implement a full privacy program.
- The European Data Protection Board issued draft recommendations on international data transfers.
- The European Commission released a draft of the new model standard contractual clauses. This is applicable for cross border data transfers between Europe and the United States.
The Drivers Behind Recent Privacy Developments
- The Snowden Revelations
When Edward Snowden revealed information on the scope of U.S. government surveillance, this became a cause of concern for Europe.
Due to the COVID pandemic, more employees are now working remotely. People are handling and processing confidential information on their own home networks, posing some serious security risks.
What is the CPRA?
CPRA was a ballot initiative to amend and expand the California Consumer Privacy Act. Also known as the Proposition 24, CPRA includes the following provisions:
- New definitions for sensitive data with limits on usage sharing
- Expanded breach liability
- Increased fines for misuse of children’s data
- Creation of a new privacy enforcement agency for the state of California.
Businesses subject to the new law include:
- Those making more than $25 million in annual revenue
- Those that hold or process the personal information of 100,000 or more California residents
- Those making 50% or more of its revenue from sharing or selling personal data of California residents.
If you meet any one of those thresholds, you will be subject to the CPRA.
General Prohibitions Under The CPRA:
- Deceptive practices
- Unfair trade practices
How Companies Can Prepare for CPRA compliance:
- Provide notice to users regarding the type of information you collect.
- For what purpose are you using that information?
- With whom are you sharing that information?
- How are you collecting information from individuals?
- Where are you storing the information?
- Who should be sharing the information?
- Be able to quickly identify data and delete it if requested.
Take a close look at the requirements even if they don’t apply to you right now. The CPRA may put pressure on the federal government to finally pass comparable federal privacy legislation. With the looming change in Government, there could be an appetite for this in the coming year. Companies need to be prepared.
To learn more about the significant privacy considerations challenging companies in 2020 and 2021, check out https://cgl-llp.com/podcasts/cgl010.
The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.