Happy spring, U.S. Privacy Digest readers!
I don’t know about all of you, but the extra hour of light at the end of each day this week has made all the difference for me. And even though I can hear the chilly wind gusting outside as I write this, tomorrow’s official declaration of spring on the calendar brings welcome news that warmer, brighter days are within reach. I can’t wait to watch the flowers bloom in the yard and get my garden going — I’m a newbie, so wish me luck.
But until then, the ever-busy, exciting privacy world will keep my mind focused.
This week, the 117th U.S. Congress saw its first proposal for comprehensive privacy legislation. The Information Transparency and Personal Data Control Act, sponsored by Rep. Suzan DelBene, D-Wash., creates protections for processing sensitive personal information and would appropriate $350 million in additional funding to the Federal Trade Commission for privacy and data security enforcement. For more details on the proposal, check out this piece by my colleague, Senior Westin Research Fellow Muge Fazlioglu, CIPP/E, CIPP/US.
This is DelBene’s third version of the bill, and it’s likely it won’t be the last federal proposal this Congress sees, but whether or not it progresses, state activity sure keeps heating up. On top of Virginia, which recently became the second state to pass comprehensive privacy legislation, more than a dozen other states are advancing their own privacy proposals. Among them is the Washington Privacy Act, which earlier this month passed the Senate nearly unanimously and this past Wednesday was heard before the House Civil Rights & Judiciary Committee. The WPA is on the committee’s agenda for an executive session March 26, but with Wednesday’s testimony split fairly evenly among supporters and opponents, it’s hard to gauge what its stance will be.
California also made major moves this week, approving new regulations implementing the California Consumer Privacy Act and announcing appointments to the first privacy-dedicated regulator in the U.S. The California Privacy Protection Agency, mandated by the California Privacy Rights Act that was approved by voters last November, will have jurisdiction to implement and enforce both the CCPA and CPRA.
How these federal and state proposals will play out and the impact they could have on each other will be interesting to keep an eye on — particularly as DelBene’s proposal includes a preemption provision that would nullify state laws related to data privacy.
Fazlioglu offered us some words of wisdom: “It is important to recognize the diverse forces that are at play in the process, including not only the passage of state privacy laws, but also COVID-19, lobbying, U.S. diplomacy and international agreements,” she wrote. “Of course, only time will tell what effect each of these will have on the prospects for and the final shape of any new federal privacy law.”