Governor Newsom, CPPA File Opposition to Federal Preemption

This week, Governor Gavin Newsom, along with California Attorney General Rob Bonta, and the California Privacy Protection Agency (CPPA) sent a joint letter to the House Energy & Commerce Committee in advance of the Committee’s March 1 hearing, “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy.” The letter opposes the inclusion of a federal preemption clause in the proposed American Data Privacy and Protection Act (ADPPA).  “National data privacy laws passed by Congress should strengthen, not weaken our existing laws here in California,” wrote Governor Newsom. “California has been on the leading edge when it comes to creating new digital technology, but we have also coupled these advances with stronger consumer protections. The rest of the nation should follow our lead.” According to a release from the governor’s office, the letter urged congress to: “Allow states to respond to changes in technology and data collection practices to allow rigorous enforcement in those areas most affecting residents, and; Ensure that the ADPPA is passed without a preemption clause in order to protect critical data privacy protections in state law and preserve California’s authority to establish and enforce those protections.”

Australia Completes Data Privacy Law Review

Australia Attorney General Mark Dreyfus, released his report on the Privacy Act review last week. According to CPO Magazine, the review is part of a years-long process of updating the Privacy Act 1988, the country’s current privacy standard. The AG’s report approved several changes to terminology, including introducing the controller-processor distinction, approved of more focused employee privacy measures, and outlined four ways of defining “valid consent” to data collection, handling, processing, etc.

EDPB Issues Opinion on Trans-Atlantic Data Privacy Framework

The European Data Protection Board (EDPB) had a mostly-positive opinion on the draft proposal of the EU-US Data Privacy Framework (DPF). Per this analysis, the opinion noted concerns over the DPF’s complexity and key definitions missing from the text, that DPF’s redress mechanism needs clarification, and that right-to-access exemptions might be too broad. The opinion also noted the need for a clause requiring prior authorization by an independent authority for bulk collection of data, and that the “The effectiveness of EO 14086 will depend on the adoption of policies and procedures for its implementation by U.S. Intelligence Agencies. The EDPB believes that both the adoption and entry into force of the DPF should be made conditional on the adoption of said policies and procedures.”

BREACH REPORT

* * * * * * *

To read our latest article, Practical Guidance: Should Your Business Ditch TikTok, click here.

Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!

Our most recently released episodes:

87 | Artificial Intelligence & Chatbots…Helpful or Harmful? (with guest Heather West)

86 | Using Tools to Help Manage Incident Response(with guest Lauren Wallace)

85 | How Incident Response Has Changed (with guest Violet Sullivan)

To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.

Previous
Previous

Practical Guidance: The Technical Side of Compliance

Next
Next

Should Your Business Ditch TikTok? – ADCG’s Practical Guidance on TikTok Bans