Global Privacy Legislative Updates

Written By Haley Metteauer

In 2021, several states have implemented new policies or amendments to existing policies regarding consumer’s privacy rights. Although Texas has yet to pass any similar amendments, your organization should review these legislative changes for the purpose of doing business with these states and to apprise yourself of potential changes in the sector.  

  • California

    • On March 15, 2021, California added additional regulations under the California Consumer Privacy Act of 2018 ('CCPA').

      • The approved regulations ban 'dark patterns' that delay or obscure the process for opting out of the sale of personal information and prohibit the burdening of consumers with confusing language or unnecessary steps, such as forcing them to click through multiple screens, or presenting reasons why they should not opt out.

    • On November 4, 2020, California approved the implementation of the California Privacy Rights Act of 2020 ('CPRA')

      • The CPRA amends the California Consumer Privacy Act of 2018 ('CCPA') and would impose several requirements on businesses, including:

        • do not share a consumer's personal information upon the consumer's request;

        • provide consumers with an opt-out option for having their sensitive personal information, as defined in law, used or disclosed for advertising or marketing;

        • obtain permission before collecting data from consumers who are younger than 16;

        • obtain permission from a parent or guardian before collecting data from consumers who are younger than 13; and

        • correct a consumer's inaccurate personal information upon the consumer's request.

      • This Act will go into effect on January 1, 2023, and would apply only to personal information collected after January 1, 2022.

  • Virginia

    • On March 2, 2021, the Virginia State Governor signed House Bill ('HB') 2307 to Amend the Code of Virginia by adding in Title 59.1 a Chapter Numbered 52, Consisting of Sections Numbered 59.1-571 - 59.1-581, relating to the Consumer Data Protection Act ('CDPA'), and its State Senate companion bill 1392

      • The bill outlines responsibilities and privacy protection standards for data controllers and processors of personal data in the Commonwealth and grants consumer rights to access, correct, delete, and obtain a copy of personal data and to opt out of the processing of personal data for the purposes of targeted advertising.

      • The CDPA will enter effect on 1 January 2023.

  • Wisconsin

    • On July 15, 2021, Governor Tony Evers had signed Act 73, which creates Chapter 601, Subchapter IX of the Wisconsin Statutes on Insurance Data Security.

  • Ohio

    • On July 21, 2021, Representatives Rick Carfagna and Thomas Hall introduced House Bill ('HB') 376 to enact the Ohio Personal Privacy Act.  

  • Colorado

    • On June 8, 2021, the Colorado Senate repassed Senate Bill ('SB') 21-190 for an Act concerning additional protection of data relating to personal privacy ('CPA').

    • SB 21-190 now requires the signature of the Governor, or it can become law without the Governor's signature if not expressly vetoed. Once enacted, SB 21-190 will go into effect on 1 July 2023.

  • Puerto Rico

    • On April 20, 2021, House Bill ('HB') 655 for the Electronic Information Privacy Act was introduced to the Puerto Rico House of Representatives.

Haley Metteauer
Previous

Fifth Circuit Issues Rules on Risk of Loss in Data Breach
Next

OFAC issued its “Sanctions Compliance Guidance for the Virtual Currency Industry”