Data privacy is one of the most critical and disputed areas of debate in technology policy and regulation. This is an exciting and important time to learn about privacy, as the way in which information is shared, collected and utilized is now an essential aspect of our lives. In 2020, we experienced many privacy regulation benchmarks, as state-level, federal and international privacy laws were enacted.

 Recent advancements in Data Privacy Regulation:

·      In Europe, the General Data Protection Regulation (GDPR) enables the European Union (EU) to fine companies up to 4% or €20 million of their annual Global revenue for failing to comply with GDPR law. This regulation is extraterritorial meaning that the regulation affects U.S. companies that offer goods or services to EU residents or monitor their behavior. The GDPR went into effect on May 25th, 2018. 

 ·      On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect and on 11th December the California Privacy Rights Act (CPRA) became effective. 

·      In 2020 alone, consumer data and privacy legislation bills were considered in thirty U.S. states and Puerto Rico. Many of the state-level bills are yet to pass but the level of awareness and consideration that data privacy regulation is receiving indicates growing demand to protect consumer data. 

How these recent advancements in privacy regulation are designed to protect consumers:

·      The EU’s GDPR provides individuals with eight rights including the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and rights related to automated decision making including profiling. The GDPR is credited with inspiring the enactment of privacy laws throughout the world.

·      The CCPA requires businesses to provide more information to consumers about what happens with their data and gives consumers more options regarding the sharing of their data.  Businesses that are in scope are for-profit businesses in California that meet any of the following:

o   Have a gross annual revenue of over $25 million;

o   Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or

o   Derive 50% or more of their annual revenue from selling California residents’ personal information.

·      The CRPA (also known as Prop 24) provides residents of California with the right to correct information, the right to limit sensitive personal information, the right to access information about automated decision making and the right to opt-out of automated decision-making technology. The CRPA also expanded and modified rights including expanding the right to know, an expanded right to opt out, a modified right to delete, an expanded right to data portability and strengthened opt-in rights for minors. The CPRA's effective date is January 1, 2023.

The emergence of new and enhanced privacy regulation is an encouraging step toward protecting consumers’ personal data. However, this is where the work begins for individuals, as the onus is often on people to protect their own information. 

Privaci Learning encourages individuals to research the data privacy laws of their respective countries and states, as regulations will vary. When visiting and utilizing a website, locate and read its privacy policy and privacy settings when applicable. 

Privaci Learning is passionate about data privacy rights awareness. We strive to share critical knowledge about privacy with consumers and professionals. If you want to learn more, start now by visiting the Privaci Learning website where we share notes and outlines on data privacy.

Click here or visit www.privacilearning.com.