Greetings from Portsmouth, New Hampshire!
First-time notes writer but longtime reader of the U.S. Privacy Digest here. I’ll do my best to follow in the footsteps of my colleagues and peers who have paved the way for me to finally take my turn as your trusted scribe.
It is quite a treat to have my first letter coincide with Valentine’s Day, which I am wholly prepared for this year compared to others. I don’t think I’m the only one who has made that mad dash to the local florist — which, around here, happens to be my mother — or the nearest candy shop after realizing midway through the workday that I’m going home empty-handed. A lovely custom flower arrangement and reservations for two at a favorite local eatery will spare me the last-minute anxiety and scornful stares at home this time around.
Before we let all the love in the air take hold of us, let’s review a busy week of privacy happenings. The California attorney general’s release of its second iteration of the draft California Consumer Privacy Act regulations and a proposal for a federal data protection office from Sen. Kirsten Gillibrand, D-N.Y., captured my attention this week.
The California Department of Justice released its redlines for the latest draft of the CCPA regulations just as the IAPP headquarters emptied last Friday afternoon, making for some nice weekend reading material. Some highlights from the new draft include updated and additional notice requirements, tighter terms regarding service provider data use, and a slew of updated definitions. Below, you’ll find a more detailed breakdown of all the key changes from some of the DLA Piper team. The California attorney general has set a Feb. 25 deadline for public comments on the revisions.
As I mentioned, just as the dust began to settle on the CCPA news, Gillibrand announced her bill proposing the creation of a federal office dedicated solely to policing data privacy matters. Prior to the bill’s formal introduction, Gillibrand wrote an op-ed stating the proposed regulator “would serve as a ‘referee’ to define, arbitrate, and enforce rules to defend the protection of our personal data.”
The U.S. already has its de facto privacy regulator in the Federal Trade Commission, which took more criticism this week from Sen. Josh Hawley, R-Mo., who proposed reorganizing the commission and its duties. Between the slights from the Senate and a long-held stance on retaining enforcement powers under any form of federal privacy legislation, you can bet the FTC will not take kindly to either of these proposals. Safe to say, there’s no love lost on the federal privacy front this Valentine’s Day.