5 Notable U.S. Privacy Law Developments
Daniel Solove
Professor, GW Law School + CEO, TeachPrivacy + Organizer, Privacy+Security Forum
A lot has happened in privacy law in 2022 . . . which is actually nothing new because so much happens every year. I have thought about which 5 developments are the most notable, and here’s my list.?
Have a moment? I'm running a short survey to see what other privacy professionals think.
5. ADPPA. The American Data Privacy and Protection Act (ADPPA) was introduced in the House of Representatives on June 21, 2022. It has gone further than most attempts at a comprehensive privacy law. My sense now is that the passage of the ADPPA is a longshot, hung up on the fact that it preempts state privacy laws, a difficult hurdle because California is so committed to regulating in this area.
My Writings and Resources on ADPPA:
4. California Age-Appropriate Design Code Act. I originally was going to cheat and lump all state privacy law developments together, but I decided it wouldn’t be fair.?I therefore choose the California Age-Appropriate Design Code Act , passed in September 2022.?The Act has a broader scope than COPPA, and it requires configuring defaults to a high level of privacy, focusing on children's best interests, completing a data protection impact assessment for the launch of services or products, and many other things.
Had I cheated and lumped state law developments together, I would have included the consumer privacy laws of Connecticut and Utah, the first jury trial verdict under the Illinois Biometric Information Privacy Act (BIPA) for $228 million , and Colorado’s draft Privacy Act regulations , and the first enforcement action under the CCPA. Plus the CPRA changes to the CCPA go into effect on January 1, 2023, and employee data will be covered. But I’ll save that one for next year!
Of Potential Interest: Updated CCPA Whiteboard Is Just Released!
领英推荐
3. EU Digital Services Act. In July 2022, the EU Parliament approved the Digital Services Act . This is a bold law that imposes many duties on large online platforms and search engines. ?The Digital Services Act includes requirements for mitigating risks such as disinformation and online harassment; bans targeted ads by profiling children or based on sensitive data; andrequires independent auditing.
2. Transatlantic Data Transfer Framework. A new agreement has been reached to patch cross-border data transfer after Schrems II. This new arrangement makes changes in the U.S. surveillance regime via executive order, and it revives the EU-US Privacy Shield.
1. Dobbs. In Dobbs v. Jackson Women's Health Organization (U.S. 2022), the U.S. Supreme Court eliminated the right to abortion. Although not about information privacy, the Dobbs case has profound effects for information privacy. As Professor Elizabeth Joh aptly writes : “Dobbs has been called a turning back the clock for abortion rights and women’s rights. But that is not quite accurate. The Court has decided Dobbs at a time when unprecedented amounts of digital data about us now exist thanks to an enormous surveillance infrastructure.”
Honorable Mention: FTC Commercial Surveillance and Data Security Rulemaking (because the process has just begun). On August 11, 2022, the FTC began a rulemaking under the onerous procedures of the Magnuson-Moss Warranty Act.?The FTC is focusing on secret commercial surveillance practices, the use of algorithms and automated systems to analyze data, discrimination, and dark patterns, among other things. This is a bold move for the FTC, and the Magnusson-Moss process presents a mountain to climb. If the FTC can pull this off, it will be quite an achievement.
Read more privacy news on the?blog at TeachPrivacy , my company that provides privacy and data security training to businesses, healthcare institutions, universities, and other organizations.
Join my free weekly email newsletter ?for more great privacy analysis, cartoons, whiteboards, events and resources.
Daniel J. Solove is a law professor at the George Washington University Law School and a leading international expert on privacy law.?Learn more at?TeachPrivacy.com .?For education and events, check out the?Privacy + Security Academy .
Attorney, Data Privacy, Litigation, Compliance, M&A. “I am the one who knocks”
2 年Professor, do you believe that the executive order will be enough or would we need additional legislation?