'Most Innovative Startup 2020' by RSA - Watch the video

Learn More

Global data privacy laws and regulations have been evolving for several years. These privacy laws have come a long way from sectoral guidelines, local regulations, and laws to comprehensive national-level legislation that applies extraterritorially. Many of these laws are enforceable by dedicated regulatory agencies (Attorney general of California enforcing the CCPA), which can levy significant fines and other penalties (such as class action lawsuits) for non-compliance.

In the United States, there is a patchwork of state laws, industry-led guidelines, and sectoral legislation that govern data privacy. Some of these laws include the CCPA, Nevada Senate Bill 220, the Maine Act, NYCRR, and many more.

In the last three years, The three most notable additions/changes to data privacy laws in the U.S. were:

  1. CCPA goes into effect
  2. CPRA amendments
  3. SCHREMS-II verdict

However, without an overarching federal data privacy law, average citizens’ data continues to be at risk.

Is a Federal Data Privacy Law a Potential Reality?

It is anticipated that the new administration could pursue a federal privacy regulation. Vice President-elect Kamala Harris has shown interest in privacy-related topics during her career as California Attorney General and U.S. Senator. Being a strong proponent of data privacy, Vice-President Harris is expected to encourage President Biden to sign a federal data privacy bill if it gets passed in the House and Senate. With a single party leading the government’s legislative and executive branches, a Federal Privacy bill could soon become law.

As mentioned in the National Law Review article, during her tenure as California Attorney General, Kamala Harris actively promoted data privacy in California. In January 2013, her office issued a report named (Privacy on the Go: Recommendations for the Mobile Ecosystem). This report encourages tech giants like Amazon, Apple, Google, Hewlett-Packard, Microsoft, Research In Motion, and Facebook, that process vast amounts of consumer data, to be responsible custodians of this data. Ms. Harris also created the Privacy Enforcement and Protection Unit of the California Attorney General’s Office. This unit was tasked to enforce identity theft, cybersecurity, and data breach laws. Currently, the Privacy Enforcement and Protection Unit (PEPU) is responsible for enforcing the California Consumer Privacy Act.

Federal-level legislation covering all U.S. states will help close any loopholes that individual state laws might have open. A federal privacy law would also make it easier for data processors to organize and consolidate compliance efforts as they won’t be required to follow different state regulations.

The new administration will also take steps to address the EU and U.S.’s transatlantic data transfers after the EU-U.S. Privacy Shield was invalidated by the CJEU last year. The SCHREMS-II decision was in light of  U.S. intelligence agencies’ expansive and unaccountable data surveillance practices. Experts predict that the new administration will negotiate with the EU to deliver a revised cross-border data transfer law. Since the Federal Trade Commission is responsible for enforcing data privacy laws, experts believe that the Biden Administration will empower the Federal Trade Commission (FTC) to enforce privacy regulations.

In addition to data privacy, cybersecurity is also a significant topic of discussion among the new administration officials. In light of the recent cyber-attacks on the U.S. government, the new administration is expected to prioritize measures to prevent future cyber attacks.

Are States taking steps to enact their own Data Privacy Legislation?

In case the federal government fails to enact a Federal Privacy law, U.S. states are likely to implement their own data privacy legislation. The National Law Review has extracted a few quotes from Pollyanna Sanderson, policy counsel with the Future of Privacy Forum, an organization lobbying for more robust data privacy protections.

"In the states, we've seen a huge acceleration in understanding and interest in how privacy works in a technical sense and a willingness to do more," said Sanderson.

U.S. states such as  Washington and New York are taking a cue from California to craft their own state data privacy laws. It is expected that even if a federal data privacy law is implemented, it may not preempt stricter state laws - allowing state legislation to continue to remain relevant.

"Nearly half of the states introduced privacy bills in the first half of 2020. That was all put on hold due to  COVID-19. But these laws are likely to return into consideration as the vaccine begins to roll out and the world returns to business as usual," said Sanderson.

Conclusion

A federal data privacy law will bring a stronger foundation for managing data privacy in the U.S. and safeguard consumers’ personal information. A few predictions for the next four years:

  1. A Federal level Data Privacy legislation is signed into law.
  2. There will be stricter regulations and enforcement of regulations on data privacy.
  3. There will be Privacy law enforcement by an empowered FTC.
  4. Updates to SCHREMS-II decision, making transatlantic data transfers easier.
  5. Cyber Security Leaders will improve cybersecurity processes that safeguard critical data at public and private institutions.

Share this

Our Videos

cookie_video View More
01:49

Cookie Consent Management

Automate and manage the entire consent life cycle with efficiency for various cookie compliance regulations around the world.

Learn More
View More
3:00

Sensitive Data Intelligence

Discover granular insights into all aspects of your privacy and security functions while reducing security risks and lowering the overall costs

Learn More
data mapping video thumbnail View More
3:00

Data Mapping Automation

Simplify gathering information, dynamically update your data catalog, and automate assessments and reports

Learn More
View More
02:40

An IT Leader’s Perspective on CCPA

Meet Brian Lillie, Former CPO at Equinix as he discusses the potential challenges of CCPA and how the PrivacyOps framework can be the key to unlocking compliance.

Learn More
Most Innovative Startup 2020 SECURITI.ai View More
03:42

RSA Innovation Sandbox 2020: Securiti

Watch the 3-minute pitch presented by Rehan Jalil on SECURITI.ai in the RSAC Sandbox Competition

Learn More
CCPA View More
07:10

CCPA Compliance

CCPA protects consumers from mismanagement of their personal data and gives the consumer control over what data is collected, processed, shared or sold.

Learn More