Greetings from Portsmouth, New Hampshire!
It's great to be back stateside after a busy and successful visit to London for our Data Protection Intensive last week. Of course, top of mind over there is the Brexit mess. The complexity, confusion and uncertainty ... ahem ... remain, but the latest from our friends across the Atlantic is that the EU has given Prime Minister Theresa May a two-week extension before the U.K. can leave the EU without an exit deal if May does not get parliamentary support for her deal with Brussels (the one the U.K. Parliament has already voted down twice). Even that one news update is confusing! If you have data transfers with the U.K., obviously this is an area you're hopefully watching. To help, on the surface at least, we've created a handy quick-view infographic on data transfers here. Feel free to download and share!
But onto U.S. privacy news.
Developments for a U.S. federal law were a bit quiet this week, but the Senate Committee on Commerce, Science, & Transportation will hold a hearing March 26 to gather small-business perspectives on a federal bill. It's good to see the committee is looking at this part of the economy. Of course, we'll be keeping an eye on any developments that come out of the hearing, so stay tuned.
From an enforcement perspective, state attorneys general are sounding the alarm, no doubt. It's the larger technology companies, however, that might be in their crosshairs. This is also where we're seeing a lot of potential enforcement overlap between privacy and competition. Some of the country's most influential state attorneys general, for one, think some in Silicon Valley have grown too large and amassed too much personal data. Louisiana Attorney General Jeff Landry, a Republican, summed it up: "I think what we've found is that big tech has become too big and that, while we may have been asleep at the wheel, they were able to consolidate a tremendous amount of power." Mix that warning with rumblings that the Federal Trade Commission may fine Facebook in the billions of dollars for privacy violations and the European Commission's fine this week of Google for nearly $2 billion for anti-competitive ad-search practices, we may well see a lot of regulatory action from several angles in the coming weeks and months.
And let's not forget about California. The state attorney general has wrapped up his series of hearings soliciting feedback on the CCPA but calls for clarifying technical errors and gray areas continue. We're happy to share this week a Privacy Perspectives post from one of the co-creators of the ballot initiative that spawned the CCPA. Mary Stone Ross spoke at our CCPA Comprehensive last month and was kind enough to share some of her thoughts on what clarifications are needed. This comes a couple of weeks after Lothar Determann shared an open letter he wrote to the California Assembly requesting specific technical changes to the law.
It's great being able to share these insights as they're part of the machinations of this paradigm-shifting privacy law here in the U.S. We hope you find them valuable.
In other states, Washington is currently holding a public hearing on the Washington Privacy Act. If you read this in time, you can livestream it here. Vermont's new data broker law also hit the headlines this week. A New Jersey–based company that collects and sells personal data told state regulators is did not knowingly collect data on minors, even though it advertised a mailing list of more than a million minors for sale on its company website. Though it's too early to say whether Vermont will take regulatory action, no doubt the regulatory landscape across the country is growing more fraught with risk.
Hopefully, you're paying attention.
If you want to comment on this post, you need to login.