Hello, privacy pros!
A week removed from our first U.S.-based, in-person conference in nearly two years has provided me with time to reflect on all the fantastic conversations, workshops, keynote presentations and breakout sessions. Above all, it was great to see so many of you for real and have some sense of normalcy. Of course, we're in a new normal now with lots of mask-wearing and navigating the various comfort levels we all have in this era. Do we shake hands? Fist bump? Wave? Hug? Mask? No mask? Whatever our comfort levels may be, it was great to negotiate those and talk in person, to hear about your work, your challenges and your needs. I missed that these last two years. The bottom line for me is that it was great to be out and about, and I hope we're able to keep the momentum going. Maybe I'll see some of you in Brussels in a couple weeks? If you're going, please do reach out.
From a privacy news perspective, we learned a few important things during Privacy. Security. Risk. 2021. FTC Commissioner Rebecca Slaughter gave a detailed keynote speech about the strategic approach of her agency and how it does have some rulemaking authority under Section 18 of the FTC Act — something our own Joe Duball included in his recent exclusive on the latest developments with the FTC. Notably, she said, "We cannot sit idly by. The FTC does have tools, albeit imperfect ones, to tackle data abuses." Lots going on with the FTC right now — too much to detail here — but be assured we'll continue to bring you the latest.
We also heard from California's privacy authorities, including the Office of the Attorney General of California, by way of Stacey Schesser, and from Lydia de la Torre, who was recently appointed to the state's brand new privacy enforcer, the California Privacy Protection Agency. Schesser said her office has a history of working well with other agencies and that will continue with future work regulating alongside the CPPA. "We are here to work in collaboration and in parallel," she said. For de la Torre, building out the new agency with its new Executive Director Ashkan Soltani and the rest of the board will be an enormous task, but one that will be fruitful. She also noted that Soltani's appointment, with his experience and track record, indicates the agency will be technologically savvy.
On the data transfer front, the Department of Commerce's Christopher Hoff dropped an interesting nugget during one panel. For companies that are in Privacy Shield, he said, "You should probably stay in Privacy Shield. We're almost done." Now, keep in mind, that was merely a suggestion, but it's worth pointing out that the EU seemed optimistic this week as well. European Union Justice Commissioner Didier Reynders said, after meetings with officials in Washington last week, the two sides are making progress on issues like trans-Atlantic data flows and a Privacy Shield replacement. "We will try to see if it's possible to have a political, clear vision before the end of the year," he said. Fingers crossed!
And in case you missed it, we released the "IAPP-EY Annual Privacy Governance Report 2021" last week. I cannot stress this enough: There is some incredibly valuable data and takeaways in there. I highly recommend perusing this in-depth report. Perhaps it's something to dive into after a morning raking the leaves?