Dear readers:
Since my colleague Michelle Clarke last week offered a retrospective of the year in U.S. privacy, I'll briefly look ahead to what we might expect in 2022. With two new state privacy laws on the books in 2021, it's not a bold statement to predict we'll see a lot more action among states next year. The question will be which ones. Regardless, know that we'll be following closely to keep you abreast of any developments.
The state-level action is clearly filling a void left by Capitol Hill. If you were in San Diego last October for our Privacy. Security. Risk. conference, you may have witnessed IAPP President & CEO J. Trevor Hughes ask the global privacy leaders of Apple, Google and Microsoft when they thought we'd see a federal law. Let's just say, don't expect one in 2022. With partisan wrangling only increasing (will the Senate, for example, confirm Alvaro Bedoya as the final FTC commissioner soon?), and with mid-term elections on the horizon, it's tough to imagine something will come out of Washington next year. But, stranger things have happened.
Significantly, however, we're seeing a new generation of regulatory action emerge across the world: China has a national privacy law; a parliamentary committee in India just presented its report to parliament on the nation's draft data protection bill this week; and the EU is rapidly moving its Digital Single Market strategy forward (see our latest podcast on this).
Will the U.S. continue to lag behind the global standards for digital regulation? Will the emergence of these major laws prompt more action in Washington?
And what about the convergence of competition and data protection enforcement in 2022? This week, Margrethe Vestager, the EU's competition chief, met with her counterparts in the U.S., the Justice Department's Jonathan Kanter and FTC Chair Lina Khan, and announced a "joint technology competition policy dialogue." What will this mean for the Big Tech companies, as well as for other companies engaging in major mergers and acquisitions? We'll be watching this closely too.
And, of course: data flows, data flows, data flows. With no Privacy Shield replacement on the horizon, what will become of trans-Atlantic data flows in the near term? It's hard to imagine national security reform here in the U.S. Will any new deals between the U.K. and U.S. have a broader effect on other transborder data flows? What about an alternative multilateral treaty for democratic nations?
Needless to say, though many questions linger, no doubt, 2022 will continue to be a crazy-hectic year in privacy. We'll be here to help keep track of it all for you. In the meantime, we hope you get a little R & R before 2022 hits the ground running.