2021 saw a number of changes to privacy legislation and regulations around the world. Many companies are now figuring out how to be compliant, both with the changes that already went into effect and with those that are coming down the pike. In 2021, 23 different US states introduced privacy legislation, but only two states, Virginia and Colorado, passed those proposals into law. A number of countries also discussed new or updated privacy laws, but only China came online with sweeping new consumer privacy legislation.
Some of the most important changes in international privacy in 2021 were:
- The creation of China’s Personal Information Protect Law (PIPL), which was announced in August and went into effect on November 1, 2021
- The end of the BREXIT transition period and the granting of an adequacy decision for the UK, which allows the continued transfer of personal information from the EU to the UK without the use of SCCs
- The European Data Protection Board (EDPB) adopted its final recommendations for measures to supplement international transfer tools, which recommendations included the need for conducting a data transfer impact assessment in addition to entering into SCCs when transferring data to countries that have not received an adequacy decision
- New Standard Contractual Clauses (SCCs) governing data transfers from the European Union to third countries to comply with the EU’s General Data Protection Regulation (GDPR) became required for any new data processing agreements entered into after September 27, 2021
Upcoming privacy changes to prepare for in 2022:
- The California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act, both of which go into effect on January 1, 2023
- The Colorado Privacy Act, which goes into effect on July 1, 2023
- Any businesses that are relying on the old SCCs to conduct international data transfers out of the EU will have to get new contracts in place by December 27, 2022 in order to continue to export data legally under the GDPR
Although the CPRA’s main effective date is January 1, 2023, it includes “lookback” requirements that will require companies to lookback to any data collected from January 1, 2022 onward when responding to certain requests.
Companies can expect changes in privacy law enforcement in California in 2022—the new California Privacy Protection Agency was officially formed in March of 2021. The agency is expected to engage in rulemaking, as well as more vigorous enforcement than previously when the agency was housed within an already-overburdened Attorney General’s office. In October of 2021, Ashkan Soltani was brought on as the agency’s Executive Director. Soltani is the former chief technologist for the Federal Trade Commission and a key player in the drafting of California’s consumer privacy laws.
In addition to the privacy laws and regulations we already know are in effect, or are going into effect, the United States continues to see new privacy legislation being proposed in state legislatures across the country. Already in 2021, new legislation has been proposed in Florida, Indiana, Washington, and the District of Columbia. Although Washington, home to tech giants such as Microsoft and Amazon, has become somewhat infamous for not being able to get privacy legislation passed, this year’s proposed legislation is based on the legislation that very nearly passed last year, and we expect that a consensus may finally be reached.
Of particular note is movement by the Biden Administration, the FTC, and Congress, all suggesting that, while the US may not see comprehensive consumer privacy legislation at the federal level in the immediate future, it may see increases in the FTC’s activity in the privacy space while Congress takes forays into it by increasing regulations on algorithmic decision making and discrimination.
What should businesses focus on to comply with the flurry of activity and regulation in the consumer privacy space? Getting their houses in order.
Keys to being compliant in 2022 and beyond include:
- Updating privacy notices and service provider agreements
- Training employees on the handling of personal information
- Mapping data to determine where vulnerabilities are
- Creating a plan for a comprehensive privacy program
SixFifty Solutions
Privacy law has become increasingly more complex over the past year. There are now major privacy regulations in the United States, Europe, and China. With SixFifty’s automated privacy solution, you can stay up to date and draft the legal documentation you need to comply with the ever-changing privacy laws worldwide.
Ready to get started?
Learn more about SixFifty’s privacy compliance solutions and book a free demo at sixfifty.com/privacy
Written by Marie Kulbeth
Marie Kulbeth is a Co-Founder and General Counsel of SixFifty, and the co-director of BYU LawX, a legal design lab dedicated to solving access to justice problems. She works to make the law straightforward for everyone, regardless of education level or income. Marie keeps her passion for equitable, accessible legal services at the forefront of her career. Her role as...
Full Bio and other articles by Marie Kulbeth
About The Author: Marie Kulbeth
Marie Kulbeth is a Co-Founder and General Counsel of SixFifty, and the co-director of BYU LawX, a legal design lab dedicated to solving access to justice problems. She works to make the law straightforward for everyone, regardless of education level or income.
Marie keeps her passion for equitable, accessible legal services at the forefront of her career. Her role as General Counsel allows her to field-test SixFifty’s products to ensure they’ll work for customers.
Education and Experience
Marie attended Brigham Young University, and spent most of her undergrad studying International Politics and Development. It was during a field study in South Africa that she first decided to become a lawyer. As she researched the new South African constitution and worked with community organizers, Marie became fascinated with the development of the rule of law and how it in turn fosters economic development.
After undergrad, she attended BYU Law, where she continued focusing on improving equity, specifically through access to justice. She spent time interning with a nonprofit at the Human Rights Council in Geneva and with the United Nations International Tribunal for the Rwandan Genocide. At home, she interned with Catholic Charities, focusing on supporting asylum cases. Marie’s work with communities and governments across the globe broadened her understanding of how the law can either uplift or further harm underserved populations.
After law school, Marie worked as a judicial law clerk for the US Fifth Circuit Court of Appeals. She then practiced commercial litigation in Salt Lake City before returning to BYU Law, where she became an Assistant Dean. During her time at BYU Law, Marie built a diversity recruiting program and a storytelling program. Although she has left academia, she continues to keep a hand in by teaching a legal design class at BYU Law School and an undergraduate international politics class that focuses on development and diplomacy at BYU’s Kennedy Center. Both courses help students increase their community engagement and use their skills to create change.
Achievements with SixFifty
Marie’s work with both SixFifty and LawX focuses on making the law less complicated and
more equitable for both companies and individuals.
Marie’s legal specialty is privacy. She has additional focus areas in legal technology; diversity, equity and inclusion; employment; and compliance. She enjoys the opportunity to build products with the legal product team, including pro bono products. This allows her to work with communities she cares about – and complements the work she continues to do at BYU.
With Marie’s guidance and experience, SixFifty is able to offer privacy products that allow even small companies to easily comply with global privacy restrictions. Her passion for making the law accessible to everyone is evident in our pro bono products, which help individuals access free legal help for common issues.
Get to Know Marie
When she’s not helping to advance SixFifty’s mission, Marie travels whenever she can. Keep your eyes open and you may find her anywhere in the world – one of her favorite trips was a seven-day motorbike tour of northern Thailand. She especially loves to canyoneer in southern Utah and explore wilderness areas.
Marie also continues her community development and education work. She is on the board of several nonprofits, including one that runs primary schools in South Sudan and the Utah Tribal Relief Foundation. She recently joined the board of the Mountainland Association of Governments, which focuses on making loans to entrepreneurs from underserved communities who lack access to traditional funding. She’s also a Model UN legend! She is the Executive Director of BYUMUN, Utah’s premier high school Model United Nations learning conference.
Marie loves podcasts and will nerd out on anything related to the law, the history of the English language, and anything done by the people at Radiolab.
Bar Licensed
Utah
More posts by Marie Kulbeth