Data privacy issues continue to be front and center in 2021. The California Consumer Privacy Act (CCPA) reached its first anniversary on January 1, 2021, yet was already materially amended by the Consumer Privacy Rights Act (otherwise referred to as the CPRA or CCPA 2.0) that passed by ballot initiative in the November election. The CPRA will bring even more compliance hurdles for companies across the U.S. (not just those in California) while removing certain liability protections afforded by the CCPA. Most recently, Virginia passed its own omnibus privacy legislation with other states appearing to be close behind.
Meanwhile, across the Atlantic, the Schrems II decision by the European Court of Justice invalidated the U.S. Privacy Shield program as a valid transfer mechanism for U.S. companies to transfer personal data from the EEA. The decision also sparked reactions across E.U. member states regarding whether the most common mechanism, standard contractual clauses (SCCs), remains valid for data transfers. Since the Schrems II decision, the European Commission issued a draft decision on the use of new SCCs for international data transfers along with a new set of SCCs. Meanwhile, the European Data Protection Board (EDPB) issued guidance on cross-border data transfers, and together with the European Data Protection Supervisor adopted joint opinions on the new set of SCCs proposed by the Commission.
What will happen next? Will the new administration fuel even more legislative changes? We don’t have a crystal ball, but we will offer some strategies for meeting these and other regulatory challenges.
Join us for a timely discussion of these and other significant developments impacting data protection requirements.
Please note that this event is for in-house counsel only.