Priyanka Formentin [JD, CIPP/E]’s Post

A Republican victory in the U.S. could significantly reshape consumer data and privacy regulations, steering policy toward industry friendly frameworks over stringent oversight. While Democrats have pushed for comprehensive federal privacy laws — such as the proposed American Data Privacy Protection Act (ADPPA) — Republicans often favor less restrictive measures to foster innovation and ease regulatory burdens on businesses. Republican led initiatives might focus on promoting self regulation, encouraging businesses to develop and adhere to their own data privacy practices rather than enforcing uniform federal mandates. There could also be an emphasis on limiting state based regulations to avoid a patchwork of laws, favoring a unified, preemptive federal standard. This would reduce compliance complexity for businesses operating nationally but may come at the expense of more robust consumer protections seen in states like California under the CCPA and CPRA. Federal agencies like the Federal Trade Commission (FTC) may see a reduction in authority to impose penalties on privacy violations, with less appetite for strict enforcement actions. Such a shift could embolden businesses to innovate more freely but may risk prioritizing economic interests over consumer rights. The tradeoff between protecting personal data and promoting business freedom could become a defining characteristic of U.S. data privacy under a Republican led government. #dataprivacy #ADPPA #CCPA #FTC #privacylaw

State officials who oversee California’s data privacy law recently convened a public meeting to discuss various privacy-related matters—and may have signaled that an explanation of employer obligations under the law could be in the near future. Learn more here

A Closer Look at the Exemptions in the DPDPA,2023 The Digital Personal Data Protection Act (DPDPA) of 2023 outlines specific exemptions that allow for the processing of personal data without strict adherence to certain provisions. These exemptions are designed to balance the need for data protection with the legitimate interests of public entities and individuals. Let's explore these exemptions in more detail: 1. Public Interest and Security Sensitive Information: The government can withhold personal data that is considered sensitive or could compromise national security, foreign relations, or public order. This includes information related to defense, intelligence, or law enforcement. Balancing Act: While the government has the authority to exempt data in these cases, it's essential to strike a balance between protecting public interests and respecting individual privacy rights. 2. Research and Statistical Purposes Data for Analysis: Scientists and researchers can use personal data for various purposes, such as studying consumer behavior, analyzing health trends, or conducting market research. Anonymization: To protect individual privacy, researchers often anonymize or aggregate data, making it difficult to identify specific individuals. 3. Legal Matters Evidence and Witness Statements: Courts and legal professionals can use personal data as evidence or witness statements in legal proceedings. Due Process: The use of personal data in legal matters must align with principles of due process and fairness. 4. Publicly Available Data Voluntary Disclosure: If an individual voluntarily shares their personal data publicly (e.g., on social media), it's generally considered fair game for others to use that information. Limitations: While publicly available data can be used, there may still be restrictions or limitations based on other laws or regulations. Chapter IV of the DPDPA,2023 provides a comprehensive overview of these exemptions. It's important to note that while these exemptions allow for certain exceptions, the overall principle of data protection remains paramount. Government agencies and private entities must still handle personal data responsibly and ethically, even when exemptions apply. #dataprivacy #dataprotection #dpdpa #dpdpacompliance #indianlaws #privacycompliance #legalrights #publicrights #legal #datasecurity

On July 1, 2024, Texas is poised to potentially have the most robust consumer data privacy law in the United States with the Texas Data Privacy and Security Act ("TDPSA"). Enacted on June 18, 2023, Texas became the eleventh state to establish comprehensive privacy legislation, following the footsteps of the Virginia Consumer Data Protection Act. Modeled after the Virginia law, the TDPSA incorporates unique elements drawn from recent consumer data privacy laws in Colorado and Connecticut. Unlike some other states, Texas has crafted provisions that are considered more stringent, diverging from the trend of business-friendly laws seen in states like Utah and Iowa. The TDPSA sets a broad scope, applying to both individuals and businesses conducting operations in Texas, regardless of their revenues or the volume of personal data processed or sold. This law encompasses activities such as collection, storage, analysis, and modification of personal data, making it one of the most comprehensive data privacy measures in the country. #DataPrivacy #TexasLaw #ConsumerProtection

US Privacy Law Update- The American Privacy Rights Act (APRA) Draft: What You Need to Know? The APRA draft is a proposed federal law that would establish a comprehensive framework for data privacy rights in the United States. If enacted, it would apply to most businesses that collect personal data about American residents, with some exceptions. Who is Covered by the APRA Draft? The APRA draft would apply to "covered entities," which are businesses that meet certain thresholds for data collection or that process sensitive personal data. This could include a wide range of businesses, from social media platforms and e-commerce companies to data brokers and healthcare providers. What Data is Covered by the APRA Draft? The APRA draft defines "covered data" broadly to include any information that identifies or can be reasonably linked to an individual. This includes personal data such as name, address, email address, phone number, geolocation data, and browsing history. What are the Key Data Subject Rights under the APRA Draft? The APRA draft would give individuals a number of rights with respect to their covered data, including: * The right to access their covered data * The right to correct inaccurate covered data * The right to delete covered data * The right to opt out of the sale of their covered data. What are the Next Steps for the APRA Draft? The APRA draft is still in the early stages of consideration. It has been introduced in both the House and Senate, but it is unclear whether it will be passed into law. #APRA #dataprivacy #consumerrights #USAlaws #dataprotection #compliance

Complying with CPRA: A Brief Overview for Business Leaders The California Privacy Rights Act (CPRA) took effect in January 2023, replacing the California Consumer Privacy Act (CCPA) and providing consumers with unprecedented rights over their personal information. For businesses, complying with CPRA means upholding a new standard of transparency and accountability. This guide will help: https://bit.ly/3XkCReo #CPRA #CCPA #CPRACompliance

While preparing for a conference, I was reading the draft of the #AmericanPrivacyRightsAct . This seems to be a notable step in America's latest push for a federal privacy law. I have tried to break down the draft law below. The key features of the draft #APRA: 🌐 #DataMinimization: APRA mandates businesses to process and transfer data only for permitted purposes, minimizing misuse and data breaches. 🌐Enhanced #ConsumerRights: Consumers gain access, understanding, and control over their data, enabling corrections and deletion requests. 🌐Mitigation of #DataRisks: APRA's focus on data minimization boosts security, safeguarding against misuse and breaches. The draft bill also provides for enhanced Consumer Rights such as: 🔵#DataPortability: Consumers can transfer personal data between services. 🔵Right to Opt-Out of Targeted #Advertising: Consumers have the right to opt-out of targeted advertising campaigns. 🔵Universal Opt-Out Mechanisms: Consumers have universal opt-out options for data collection. 🔵#PrivateRight of Action: Consumers are granted the right to take legal action against entities for violations of their data privacy rights. If you also want to learn about the draft APRA, visit: https://lnkd.in/g2xyXHJ7 #PrivacyRights #DataProtection #ConsumerEmpowerment #DataPrivacy #APRA #Legislation

Jackson Lewis P.C.'s Phillip Baggett and Damon Silver, CIPP/US write: Unlike most of the 15 plus states with comprehensive privacy laws that exclude from their scope organizations that do not meet significant data volume thresholds (e.g., processing data related to at least 100,000 state residents), the TDPSA, with limited exceptions, applies to any organization that conducts business in the state of Texas or produces a product or service consumed by Texas residents. In contrast to the California Consumer Privacy Act, the TDPSA excludes Human Resources and Business to Business data. But aside from this exclusion, if an organization processes the personal data of consumers residing in Texas, there is a good chance it will be in scope. #texas #privacylaw #tdpsa #dataprivacy #datasecurity

The Colorado Privacy Act (CPA) introduces essential regulations to protect consumer data and ensure businesses handle information responsibly. Here are the main points: Consumer Rights: Access: Know what data is collected about you. Correction: Correct any inaccuracies in your data. Deletion: Request the deletion of your data. Portability: Obtain a copy of your data for transfer. Data Protection Requirements: Transparency: Clear information about data collection and usage. Security: Adequate measures to protect data. Consent: Explicit consent required for data processing. Data Minimization: Only necessary data should be collected and retained. For businesses, compliance is crucial to avoid penalties. Consumers gain more control over their personal data. For comprehensive legal advice on how this impacts you or your business, contact Springs Law Group. #ColoradoPrivacyAct #LegalInsights #DataProtection #ConsumerRights #SpringsLawGroup

Navigating the complex realm of data privacy laws is crucial for businesses in today's digital landscape. The California Consumer Privacy Act (CCPA) has set a significant precedent by prioritizing consumer rights, transparency, and accountability in safeguarding personal information. With an increasing number of states adopting similar regulations, it's imperative for businesses to proactively ensure compliance to mitigate penalties, safeguard reputation, and maintain trust. Key steps include conducting a thorough data audit, developing, implementing, and/or updating privacy policies, and educating teams on best practices for handling data to align with current laws. At Kendall PC, we provide advice and counsel on compliance strategies and address inquiries regarding the impact of data privacy laws on your business. Reach out to us for support in establishing a robust framework or evaluating your existing one. #DataPrivacy #CCPA #BusinessStrategy #LegalAdvice #YourLawFirmName