Hello from snow-draped Portsmouth, New Hampshire!

Even as the holiday season approaches, developments in privacy and data protection show no signs of letting up.

An overarching topic of interest this year, a potential federal data privacy law, continued to generate headlines over the past week. In an op-ed for The Hill, Professors Woodrow Hartzog and Neil Richards discussed COPRA, the bill recently introduced in the Senate by Sen. Maria Cantwell, D-Wash., labeling it “probably the most robust U.S. privacy bill in history.” Yet, they also expressed the concern that it risks becoming an ineffective American version of European data protection standards, or “GDPR-lite,” as the bill’s “retreat to consent” leaves it open to “exploitation and dilution.”

I have also been trying to analyze these proposals for our members and distill them down to their essences. In my latest piece, I looked at the issue of data privacy through a bipartisan lens and argued that the protections outlined in the data privacy bills with sponsors from both parties, as well as the overlapping provisions in COPRA and CDPA, have the greatest chances of inclusion in a federal bill that can gain the votes necessary for adoption. As congressional hearings and discussions around privacy at the federal level continue, it seems increasingly true that bipartisanship is necessary for comprehensive federal reform of U.S. privacy regulation. While policy discussions are thought-provoking and important for all of us who are interested in privacy to follow, it is worth remembering that lawmaking is also about politics, coalition-building and negotiating. In this vein, writing for The New York Times, Charlie Warzel argued that, although the Cantwell and Wicker bills “are not really that far apart … the disagreements are too important.” He also calls on Congress not to act too hastily, as “the issue is far too complex and too important to rush.”

With one eye looking toward these activities in Congress, privacy pros must also keep the other eye fixed on developments happening at the state level.

Indeed, with the CCPA’s compliance date of Jan. 1 just weeks away, focus has turned to how enforcement of the law will be carried out. In an interview with Reuters, California Attorney General Xavier Becerra gave some indication of how his office will approach enforcement, explaining that, given their limited resources, “we will look kindly on those that ... demonstrate an effort to comply,” while also declaring that he will “make an example” of companies not operating properly, “to show that if you don’t do it the right way, this is what is going to happen to you.”

It also appears that some companies are taking a conservative approach to complying with a law and accompanying regulations that are infamous for their complexity and ambiguity. As such, some advertisers are reportedly paring down their targeted advertising programs, while adtech firms put in place greater limits on data sharing and use in preparation for the CCPA.

To track the pace of these ongoing compliance efforts, IAPP and OneTrust have been surveying U.S.-based privacy professionals throughout the year to benchmark their progress on CCPA compliance. The objective was to measure progress toward compliance over time, as well as better understand the motivations and barriers to it. The third and final survey has demonstrated that while organizations have continued to make progress toward full compliance with the CCPA, there is still a lot of work to be done before 2019 ends, in 2020, as well as beyond.

It is always exciting at this time of the year to think about what the New Year will bring. It’s an especially exciting year for privacy pros as the CCPA compliance date of Jan. 1 approaches and action around federal privacy legislation is set to continue.

Wishing you all a happy holiday season.