Digital privacy is an ever-changing topic, with rules, regulations, and technology in constant flux-- it can be a lot to keep up with. Our monthly Privacy Roundup combines the most important privacy stories of the past month with expert analysis and Ensighten solutions, so you can keep your website compliant.
Things are starting to shake up across the data privacy, consent, and compliance world. More states in the US are pushing CCPA-like bills and laws through legislation, GDPR is baring its fangs against huge names, and the definition of a user’s privacy-protected data may soon include biometric information.
Privacy Push Continues at State-Level
Connecticut, Louisiana, and Virginia all pushed data privacy legislation forward this month. Virginia finalized amendments to its Consumer Data Protection Act and we can expect to see the law set in place later this summer. Louisiana and Connecticut both have bills in the states’ houses but are yet to cross the finish line just yet. It’s looking like many states across the USA will have consumer privacy stipulations in place by the end of the year. Hopefully, you already made yourself ready with CCPA, but if not then you’ll soon have no choice as the country comes into compliance alignment. If that’s a task you need to get working on, don’t hesitate to reach out about Ensighten’s ability to cover all your consent and regulatory compliance needs.
FAANG Companies React to GDPR Fines, Push for Federal Privacy Law
A few months ago, the CNIL fined Google for breaching French data privacy laws. The banner for consent choices presented to French users was non-compliant with GDPR, specifically where it gave rules on a fair or equal opportunity to opt both in and out. If you’ve been perusing the internet the last few years, especially in the EU, you’ve likely seen dozens of these banners and consent experiences. Sites and companies want their data, so it’s a common practice to make it as easy as possible to opt-in, in and somewhat difficult to opt out. GDPR, however, states that they must be equally accessible for a site to be compliant. Many sites should be considering whether they’re really up to code after seeing Google get hit for 150 million euros. A couple of months later and we see two related bits of news from Google. First, they’re updating their consent experience to become more in line with the strictures of GDPR. They’ll begin in France where the problem originated and roll it out across the full EU in short order. Second, Google’s president of global affairs, Kent Walker, spoke about the need for privacy law at the federal level in the US. Largely this centers around the US being behind the times when it comes to privacy legislation, which is currently a patchwork of various state-level laws, for international, and even nationwide companies, this can make it difficult to operate responsibly with such a disparity.
California Pushes for Controls on Biometric Data
Closer to home for us here at Ensighten, there’s a new flavor in consumer data being considered for coverage in consumer data protection laws. The California Senate is voting on a bill to include Biometric data under the existing CCPA’s coverage. This would mean that digital data (images) of identifying body parts such as the iris, fingerprints, and more would be covered under the necessity for a user to provide consent before that data’s capture or sale. It would empower a person with right of action surrounding their biometric data, meaning they could request to know what data a site holds, have it deleted, or request it not be sold. This is certainly an interesting step in the right direction when it comes to a third party’s ability to identify you without your consent. We’re certainly seeing similar calls to action around face recognition usage by private, state, and federal entities. These advancements are important steps forward for technology, but it’s important to consider data privacy and its impact on our lives.