Changes in data privacy laws and enforcement risks to monitor in 2019

GDPR, CCPA and beyond

The European Union (GDPR), California (CCPA) and several US states, the US Congress and a countless number of countries have enacted laws on data privacy and are already presenting significant enforcement activity.

One exemple is the French National Data Protection Commission (CNIL) imposing a €50 million penalty against Google for violation of the General Data Protection Regulation (GDPR) on January 21, the US Federal Trade Commission (FTC) currently negotiating a multi-billion dollar fine against Facebook to settle the agency’s investigation into its privacy practices, and so on!

Legislation

According to Data Protection Report, the CCPA ( California Consumer Privacy Act) and CCPA-copycat laws in the US could bring higher scrutiny to privacy violations in the US. The act passed in June 2018 in response to the Cambridge Analytica scandal. Just like the GDPR, provides certain rights to consumers, including the “Right to Know,” “Right to Access,” “Right to Opt-Out” and “Right to Deletion.”  Eleven (11) other states, including Maryland, New Jersey and Washington, introduced similar legislation recently.

Managing data privacy risks

Enforcement actions by the EU and US regulators and active legislative changes at the state and federal level in the US mean data privacy risks should be one of the top risks managed by companies! The GDPR, CCPA, and other state and US legislative proposals each introduce new and different requirements on the collecting, processing, sharing, and maintaining of personal data.