CCPA Enforcement

In October, Peter and Tara wrote about the various dates and issues to navigate with the California Consumer Privacy Act {“CCPA’). In 2020, particularly July when the Attorney General begins enforcing the law, we will begin to see treatment of privacy practices for those entities required to be CCPA compliant. 2020 may also be the year that we get clarity on how entities should handle “Do Not Sell” links, and proper verification of those claiming to be consumers exercising their CCPA rights.

Role of Privacy in 2020 Election

In 2019, the topic of large scale data transfers became a significant United Kingdom election topic. Hillary Clinton said the Brexit vote was a precursor to her defeat by Donald Trump in the 2016 U.S. presidential election. It will be interesting to see the role privacy takes on in the 2020 U.S. presidential election, considering the discussions that took place after the 2016 elections about the role Big Data plays in society, and how it can be exploited by bad actors.

Federal Privacy Law

In late November, top Senate Democrats unveiled a new online privacy bill.  One year ago, the Business Roundtable released their own framework for a federal privacy law.  The bill proposed by the Senate Democrats shares some similarities with California’s rules, would not preempt the CCPA, and would allow other states to pass privacy laws of their own. However, the Business Roundtable framework, which also shares some similarities with the CCPA, expressly preempts all state privacy laws. In 2020, we will see if any bill gains traction and if there is compromise on the issue of preemption.

Indian Data Privacy Law

India is weighing instituting its own national privacy law. The latest iteration of the proposal contains certain data localization requirements which would have a significant impact on American and European companies that work with Indian consumers. The latest proposal also reserves access for the central government to information collected by entities when they deem it necessary. The new year should bring resolution to both these issues and may bring us the most complicated national privacy law to date.

Impact of State Privacy = One Enterprise Solution

Many states in 2020 will be considering their own privacy bills. As these proposals become laws, the inefficiency involved with creating differentiated security and privacy schemes for consumers based on residency will become clear as well. 2020 may be the year we see companies implement enterprise-wide cybersecurity and privacy practices. This would make the issue of preemption meaningless as they would be providing all consumers with greater transparency and rights anyway.