Digital privacy is an ever-changing topic, with rules, regulations, and technology in constant flux-- it can be a lot to keep up with. Our monthly Privacy Roundup combines the most important privacy stories of the past month with expert analysis and Ensighten solutions, so you can keep your website compliant.
Major movement in the USA’s privacy and consent regulations arena this month as well as fines and increased visibility on user data worldwide! As 2022 moves across the halfway point, action continues to ramp up in the world of data privacy and user consent.
California Releases First Draft of CPRA Amendments
State lawmakers in California have released the first draft of the CPRA (California Privacy Rights Act) regulations. The full amendment is expected to come into effect in 2023 and adds a very GDPR-like list of rights for users and requirements for websites and companies. In the near future, you can expect to need to offer your users the option to give their explicit consent on being tracked on your website for any reason, so if you’ve only been covering their right to request the data not be sold or that it be deleted then it’s going to be time to upgrade to active consent very soon.
If you do business in California, you will likely need to be CCPA and CPRA compliant. When using Ensighten MarSec, ensure you enable the CCPA Compliance module within the User Consent section of your Privacy Gateway to help achieve full compliance for CCPA. To alter your existing Ensighten consent configuration to ensure explicit consent is given before users are tracked on your website for CPRA, simply visit the User Consent section of your Privacy Gateway and change the Default Opt-In Values to be toggled off rather than on. For further help on becoming CCPA and CPRA compliant, contact firstname.lastname@example.org or request a demo if you’re not an Ensighten customer yet.
Increasing Fines and Regulatory Actions Worldwide
Globally there continues to be a high volume of regulators exacting fines, such as Tim Hortons being sued for tracking its users via their mobile app and Twitter’s fine for failure to protect user data, in some countries, but in others, we’re seeing calls for open access to user data by government entities like in Mexico’s ruling on bank data. It’s certainly true that different countries are going to handle user privacy in different ways, but it’s concerning to know that your user’s data may be passing through a wide variety of regulatory changes as data crosses borders. It’s very likely we’ll see more news in the future about data transfer and storage concerns. Going with the cheapest and most effective data center may no longer be tenable as it opens your user data up to privacy concerns and regulatory action due to your user’s data being subject to different countries’ privacy laws which may violate your own. The era of global data flow is tapering off into a new age of data ownership and privacy
New Privacy Laws on the Horizon
Looking toward the near future, we of course expect to see further movement from US states with laws in their houses awaiting changes or decisions on ratification, and in more global stations the EU is considering an Act that allows them to place sanctions on companies acting as “gatekeepers” to a core digital service. If you’re not sure what that means, not to worry I’m here to help. A good example of who this Act may apply to is major cell phone providers and their mandatory applications that cannot be removed from your device and impact or inhibit your ability to use the phone unless you’re doing so with their tools. This is a major privacy concern because the companies participating in this predatory style of forced consumption are also collecting your data and monitoring your activities while using their platform. There’s also news of legislation on the POTUS desk for a cybersecurity update that will require the expansion of information and tools available for state and local governments' use in regards to data breaches.
The landscape around user data and digital privacy is getting complicated and very busy worldwide. Stay up to date here with the Ensighten Newsletter, and reach out if you’re looking for any specific information, help with your website or company’s compliance, or if you need to adapt to new laws and regulations that may affect your users and put your revenue at risk.
Randy is a Principal Consultant at Ensighten with over a decade's experience and expertise in the digital privacy landscape.