This event took place on May 11, 2021.

Data privacy issues continue to be front and center in 2021. The California Consumer Privacy Act (CCPA) reached its first anniversary on January 1, 2021, yet was already materially amended by the Consumer Privacy Rights Act (otherwise referred to as the CPRA or CCPA 2.0) that passed by ballot initiative in the November election. The CPRA will bring even more compliance hurdles for companies across the U.S. (not just those in California) while removing certain liability protections afforded by the CCPA. Most recently, Virginia passed its own omnibus privacy legislation with other states appearing to be close behind.

Meanwhile, across the Atlantic, the Schrems II decision by the European Court of Justice invalidated the U.S. Privacy Shield program as a valid transfer mechanism for U.S. companies to transfer personal data from the EEA. The decision also sparked reactions across E.U. member states regarding whether the most common mechanism, standard contractual clauses (SCCs), remains valid for data transfers. Since the Schrems II decision, the European Commission issued a draft decision on the use of new SCCs for international data transfers along with a new set of SCCs.  Meanwhile, the European Data Protection Board (EDPB) issued guidance on cross-border data transfers, and together with the European Data Protection Supervisor adopted joint opinions on the new set of SCCs proposed by the Commission.  

What will happen next?  Will the new administration fuel even more legislative changes?  Our speakers didn't have a crystal ball, but they offered some strategies for meeting these and other regulatory challenges.  They also discussed significant developments impacting data protection requirements.