Concord Privacy News: 1/18/24

Data Privacy Policies to Watch in 2024

The year 2024 is poised to be significant for data privacy with one state having already passed a new consumer privacy bill this year. For those monitoring developments in privacy laws and proposed legislation, we expect more changes at the international, national, and state levels. Here’s what what Concord is tracking.

‍

Data Privacy in the U.S.

Not even a month into the new year and already one state has passed a consumer privacy bill. On January 8, 2024, the New Jersey legislature passed the New Jersey Data Privacy Act (NJDPA). The bill, SB 332, awaits final action from Governor Phil Murphy, who has 45 days to approve. Once signed into law, the bill would take effect one year after its enactment date.

‍

In total, 14 U.S. states now have data privacy regulations in place. Eight of those states passed their legislation in 2023, with five of those coming into effect in 2024:

• Montana Consumer Data Privacy Act (MTCDPA)
• Florida Digital Bill of Rights (FDBR)
• Texas Data Privacy and Security Act (TDPSA)
• Oregon Consumer Privacy Act (OCPA)
• Delaware Personal Data Privacy Act (DPDPA)

While numerous recently enacted state privacy laws share similarities, variations in these laws introduce fresh compliance challenges. Businesses will need to stay up-to-date on associated requirements for processing personal data.

‍

Data Privacy in Canada

Efforts to replace the outdated PIPEDA regulation could come to fruition in 2024. Bill C-27 — the Digital Charter Implementation Act — is the current mechanism, which is currently under committee review. The bill would bring the Consumer Privacy Protection Act (CPPA) into effect and provide a novel framework for overseeing access to and utilization of personal information in the private sector. It also calls for the establishment of an administrative tribunal to scrutinize certain decisions made by Canada's Privacy Commissioner and impose penalties for violations of the CPPA.

‍

Data Privacy in the EU

The EU’s Data Act entered into force on January 11, 2024 and will become applicable in September 2025. The Data Act governs the access and use of data generated within the EU, with a primary objective of facilitating seamless transitions between data processing service providers. This regulation encompasses both personal and non-personal data; however, for non-personal data, the General Data Protection Regulation (GDPR) holds precedence and is applicable. Additionally, the Data Act establishes guidelines for preventing unauthorized international governmental access and transfer of non-personal data. It also addresses the development of interoperability standards for accessing, transferring, and using data.

‍

Planning Ahead

There’s no question we anticipate a continued and increased focus on data privacy throughout 2024. Businesses are increasingly recognizing not only the risks associated with noncompliance, but also the potential benefits of actively safeguarding data and honoring user privacy. Embracing a privacy-first approach can play a crucial role in safeguarding brand reputation and revenue. Concord is here to help — reach out to us today.

‍

Other Privacy News of Note

FTC Settlement Bars Data Broker From Selling Sensitive Location Info

Outlogic, a Virginia-based data broker, agreed to stop selling sensitive location data that helps track people’s whereabouts, as part of the Federal Trade Commission’s first data tracking settlement. Tuesday’s accord resolves claims that Outlogic, formerly known as X-Mode Social, violated consumers’ privacy for several years by selling their data to advertisers, researchers, retailers and government contractors without permission. According to the FTC, Outlogic had no policies until last May to remove doctor’s offices, domestic abuse shelters, reproductive health clinics, places of worship and other sensitive locations from raw data it sold. Read more.

‍

Here Are The ‘Worst in Show’ CES Products, According to Consumer and Privacy Advocates

The best CES products pierce through the haze of marketing hype at the Las Vegas gadget show to reveal innovations that could improve lives. The worst could harm us or our society and the planet in such “innovatively bad” ways that a panel of self-described dystopia experts has judged them “Worst in Show.” “From easily hackable lawn mowers to $300 earbuds that will fail in two years, these are products that jeopardize our safety, encourage wasteful overconsumption, and normalize privacy violations,” says the group of consumer and privacy advocates judging the awards. Read more.