Kae David’s Post

Well, the American Privacy Rights Act (APRA) is progressing just about as we thought it would. While there was a moment when we thought this might be the time we would finally get a long-needed privacy law that would resolve at least some of the confusion of state-by-state regulation. Predictably, however, opponents have been lining up - states with privacy laws want to avoid pre-emption, potential plaintiffs want to expand the private right of action, potential defendants oppose the private right of action, civil rights group don't like deletions in the proposed act, the advertising industry has blasted it, and now the Electronic Frontier Foundation has weighed in that the protections are inadequate. https://lnkd.in/gEx5W_JB. I guess my annual prediction that we won't get a federal privacy regime might be holding up better than I thought . . . #APRA #ccpa #privacy #infoecurity #dataprotection

Great insights as always from the IAPP - International Association of Privacy Professionals on the brand new American Privacy Rights Act draft. #APRA 1. Broad scope, with a conditional exemption for small businesses 2. Private right of action, preemption and FTC rulemaking 3. Data minimization by default 4. Many types of sensitive data and strong consent requirements 5. Teen data deserves heightened protections 6. Opt-out rights, civil rights and AI governance requirements 7. Special heightened requirements for certain entities 8. Executive responsibility and operational governance

Remember that aggressive "game changer" privacy bill that passed the Vermont legislature last month? You know, the one with a private right of action and restrictions for age appropriate design coding? The one that other states may start looking to in an attempt to form more aggressive consumer protection privacy laws? It was VETOED. Last Thursday, Governor Phil Scott vetoed the would-be Vermont Data Privacy Act, citing concerns that it was anti-business (for the private right of action) and could implicate First Amendment concerns (currently being litigated with California's age appropriate coding provisions). Instead, Gov. Scott recommended that Vermont adopt a bill similar to Connecticut's privacy law in an effort to achieve "regional harmony." Check out my latest blog article recapping the veto and how businesses should adjust their privacy practices. https://lnkd.in/gkxwntiK

Vermont governor rejects state’s tough data privacy bill. Why it matters: 1. Vermont's comprehensive consumer privacy legislation, if enacted, would significantly enhance data privacy protection, allowing individuals to sue companies for data rights violations. However, Governor Phil Scott vetoed the legislation, citing its potential for burdening businesses. 2. Despite the veto, the General Assembly has the power to override it with a two-thirds vote. If successful, Vermont would join the less than twenty states offering comprehensive data privacy rights. In comparison, the majority have weaker privacy laws. 3. The Governor advocates for a model similar to Connecticut's state data privacy legislation, highlighting regional consistency's benefit for both consumers and the economy. Critics argue that Connecticut's law maintains the status quo and lacks strong privacy language. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/ehE4Gzti

Great summary and insight by my colleagues on Vermont's proposed privacy act, which did not become law. Private rights of action are an issue to track considering the private right of action in the current draft APRA in Congress. It will be interesting to see if the Vermont law's failure is a blip or a harbinger as Congress and several states continue to draft comprehensive privacy laws.

State attorneys general implore Congress not to preempt their privacy laws. Why it matters: 1. State attorneys general in 15 states are concerned that the federal American Privacy Rights Act (APRA) would override stronger state data privacy laws. They worry legislation at the federal level may struggle to keep pace with technological changes and potential privacy risks, which they claim states are better equipped to tackle. 2. Some fear that APRA could weaken existing state privacy protections. Even though some comprehensive state privacy laws may have weaker provisions than APRA, states such as California fear its landmark privacy law would be replaced with less robust protection under the proposed federal legislation. 3. Critics caution APRA will limit states' enforcement abilities. The new legislation would allegedly inhibit state agencies and attorneys general from investigating privacy violations unless they can compel documents or other evidence of infringements under the federal law. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/enEmnTbD

A federal privacy law goes to Congress -- [The Future] The most comprehensive, bipartisan digital privacy legislation in years was introduced yesterday, giving users immense power over their data, how it’s handled, and what recourse they have when their rights are violated. Coupled with a potential TikTok ban, a newfound focus on digital privacy and security may kneecap Big Tech’s growth worldwide. Life, liberty, and the pursuit of privacy Federal digital privacy protections may finally roll out to all Americans. - The “American Privacy Rights Act” hails from Senate Commerce Committee Chair Maria Cantwell (D-WA) and House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA). - It would limit what Big Tech and data brokers could collect on users; allow people to correct, delete, and download data companies have on them; and let users opt out of targeted advertising and platform algorithms. - It would also give users the power to sue when their privacy rights are violated, skipping arbitration when cases relate to minors or when violations are “substantial.” If the bill becomes a law, it would be enforceable by the FTC and individual states, which have slowly been passing their own digital privacy laws over the past few years. https://lnkd.in/gWuGbP6A

Late last week, the government introduced its much-awaited Privacy Act reform bill. This marks a crucial step in strengthening our privacy reform, however, much more needs to be done to modernise these laws for the digital age.   Key Highlights: 🔹The Bill empowers individuals affected by serious privacy breaches to seek justice in court. 🔹It will require the development of a Children’s Online Privacy Code to safeguard young users from online harms. However, this Bill represents only a fraction of the promised reforms. While the Government pledged over 100 updates to the Privacy Act in February 2023, this Bill covers just 20% of those commitments. Outstanding Issues: 🔍 The Bill does not introduce a fair and reasonable test, which would have addressed the issue of ‘sham consent’ 🔍 Small businesses – around 95% of Australian businesses – are still exempt from requirements under the Privacy Act 🔍 Reforms needed to address privacy issues caused by high-risk technologies, such as facial recognition, are still missing. Read our full statement 👇 https://lnkd.in/g8NRih3V

#NewsShare 📣In a landmark development for privacy professionals and businesses, U.S. lawmakers have reached a bipartisan agreement on draft data privacy legislation, the American Privacy Rights Act ("APRA"), that could become the first federal data privacy law in the United States. With stringent enforcement measures set to be implemented by the Federal Trade Commission (#FTC) and state attorneys general, alongside provisions for individual legal recourse, this legislation paves the way for a unified data privacy and security standard across the U.S. Given the APRA's potential applicability to foreign businesses falling under the Federal Trade Commission Act, it's crucial for Taiwan entities covered by such scope to stay abreast of these developments to ensure compliance. For inquiries on data privacy laws in Taiwan, connect with our Senior Of Counsel Jaime Cheng, a Certified Information Privacy Professional/United States and Certified Information Privacy Manager (#CIPM). ✨Stay informed with us in the data privacy landscape! Explore the full news: https://lnkd.in/eqF7VVh2 #DataPrivacy #Legislation #Legal