By Scott Taylor, General Counsel, California State Library*
Embarking into a new year — 2021— and beyond, I have identified three trends which appear to be noteworthy as it relates to data and privacy amongst consumers and businesses.
Public Awareness of Privacy
With voters in California passing Proposition 24 — the California Privacy Rights Act (CPRA) on November 3, 2020, it seems the average citizen is becoming more aware of their digital footprint and privacy within that footprint. The main theme throughout the CPRA appears to be the maximization of a consumer’s privacy related to a business purpose. The intersection between businesses, service providers, contractors, third parties and consumers has come down on the side of the consumer and protection of his or her privacy.
The COVID-19 pandemic has forced most people to telework and conduct business from the privacy of their home utilizing the internet, and all the different websites to conduct both our business and personal lives. As a result, individual users or consumers are becoming more aware of privacy issues especially health, financial, and employee information privacy and protecting their personal information.
Moving into 2021 and the years to follow companies will inevitably feel the pressure to evolve and comply with the various aspects of CPRA which includes an enforcement component and new regulations to coincide with the newly passed Act.
The Advancement of Consumer Privacy and the Nuanced Landscape
Besides California, Nevada and the European Union other countries are starting to understand consumer privacy and how much of an issue it has become in their respective countries or regions such as China, India and Australia. As our business world becomes more connected and California companies conduct business internationally these companies will have to be more cognizant of the privacy landscape and how each region, country or state may be different and what may be required in conducting business and other implications of contracting for services with a service provider or third-party entity.
A California business who has an interstate or international presence related to consumer’s data and its privacy will have to be mindful of the nuanced landscape.
Federal Privacy Law to Follow or Not
There has been a considerable amount of discussion as to whether or not the federal government will pass a privacy law to address consumer privacy related to data and personal information. There are a couple of notable things that have taken place which may change the federal mindset in putting out a law addressing this issue.
First, California, along with Nevada, have come out with the California Privacy Protection Act (CCPA) and now the CPRA. Additionally, several states have introduced bills to enact their own data privacy laws. These developments may provide direction to Congress to follow in enacting a privacy law.
Secondly, the California Attorney General’s Office promulgated regulations related to the CPPA, and the new CPRA calls for additional regulations.
Third, based off the presidential election the United States voted in President Joe Biden and Vice-President Kamala Harris. Based off this election result of November 3, 2020, it could be the impetus needed to ignite the collaborative effort by Congress to come up with federal legislation that Biden would approve of. Plus, there is agreement from both sides of the aisle, so to speak, in which consumer protection would not be as heavy of a lift compared to a different political issue. As a result of the combination of these factors and others this may be the time for the federal government to pass consumer privacy protection for the United States.
As 2021 gets underway, these three identified trends, along with others not mentioned, will be something to keep an eye out as the debate and changes continue in the data consumer protection landscape.
* Views of author are his own and do not represent the views of his employer, the California State Library.