The day’s top stories from around the world
Where the real conversations in privacy happen
Original reporting and feature articles on the latest privacy developments
Alerts and legal analysis of legislative trends
Exploring the technology of privacy
A roundup of the top Canadian privacy news
A roundup of the top European data protection news
A roundup of the top privacy news from the Asia-Pacific region
A roundup of the top privacy news from Latin America
A roundup of US privacy news
Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.
Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.
Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.
Locate and network with fellow privacy professionals using this peer-to-peer directory.
Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.
Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.
Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.
Develop the skills to design, build and operate a comprehensive data protection program.
Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.
Introductory training that builds organizations of professionals with working privacy knowledge.
Learn the legal, operational and compliance requirements of the EU regulation and its global influence.
Meet the stringent requirements to earn this American Bar Association-certified designation.
The global standard for the go-to person for privacy laws, regulations and frameworks
The first and only privacy certification for professionals who manage day-to-day operations
As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.
Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.
The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.
The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for GDPR readiness. Learn more today.
Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.
Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Use the Vendor Demo Center, Privacy Vendor List and Privacy Tech Vendor Report to easily identify privacy products and services to support your work.
The IAPP presents its sixth annual “Privacy Tech Vendor Report.” This issue, the IAPP lists 364 privacy technology vendors.
Access all reports and surveys published by the IAPP.
Access all white papers published by the IAPP.
The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
This tracker organizes the privacy-related bills proposed in Congress to keep our members informed of developments within the federal privacy landscape.
IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
The IAPP’s EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you’re meeting your obligations.
On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to international data transfers.
This chart maps several comprehensive data protection laws to assist our members in understanding how data protection is being approached around the world.
Join DACH-region data protection professionals for practical discussions of issues and solutions. Presented in German and English.
P.S.R. 2022 is the place for speakers, workshops and networking focused on the intersection of privacy and technology.
Europe’s top experts predict the evolving landscape and give insights into best practices for your privacy programme.
Gain exclusive insights about the ever-changing data privacy landscape in ANZ and beyond.
Explore the full range of U.K. data protection issues, from global policy to daily operational details.
Concentrated learning, sharing, and networking with all sessions delivered in parallel tracks — one in French, the other in English.
The world’s top privacy conference. Whether you work in the public or private sector, anywhere in the world, the Summit is your can’t-miss event.
View our open calls and submission instructions.
Increase visibility for your organization — check out sponsorship opportunities today.
Review upcoming IAPP conferences to see which need to be included in your schedule for the year ahead.
Start taking advantage of the many IAPP member benefits today
See our list of high-profile corporate members—and find out why you should become one, too
Don’t miss out for a minute—continue accessing your benefits
Review current member benefits available to Australia and New Zealand members
Prospects for a landmark vote in the U.S. House on the proposed American Data Privacy and Protection Act boil down to House Speaker Nancy Pelosi, D-Calif., who decides when or if the comprehensive privacy bill’s number will be considered on the House floor. Pelosi did not take a side upon the ADPPA becoming available for a floor vote just ahead of U.S. Congress’ summer recess, leaving many wondering where the chips would fall when federal lawmakers returned to work Sept. 6.
Following weeks of urgings both for and against a vote, Pelosi released a statement prior to Congress’ restart stating she would not hold a vote on the ADPPA in its current form. Pelosi said while the House Committee on Energy and Commerce should be “commended for its work,” the impacts of the bill’s current preemption provisions need to be addressed further, particularly as it relates to the California Consumer Privacy Act and the California Privacy Rights Act.
Pelosi said the ADPPA “does not guarantee the same essential consumer protections as California’s existing privacy laws,” citing warnings from California federal and state lawmakers along with the California Privacy Protection Agency.
“Proudly, California leads the nation not only in innovation, but also in consumer protection. With so much innovation happening in our state, it is imperative that California continues offering and enforcing the nation’s strongest privacy rights,” Pelosi said. “California’s landmark privacy laws and the new kids age-appropriate design bill, both of which received unanimous and bipartisan support in both chambers, must continue to protect Californians — and states must be allowed to address rapid changes in technology.”
Pelosi indicated talks with Committee on Energy and Commerce Chair Frank Pallone, D-N.J., on a path forward would occur “in the days ahead” once the House was back in session. Pallone issued a public statement echoing Pelosi’s promise for continued dialogue, adding he’s “laser focused on building support for final legislation” that will “put people back in control of their online data and create a strong national privacy standard.”
As Californian members of the House argued against preemption during the Energy and Commerce Committee markup in July, Pallone said dismantling “carefully crafted” preemption provisions would “reject all the efforts to come to a compromise.” The willingness to negotiate with Pelosi suggests a softened stance on addressing preemption, which likely won’t sit well with House Republicans.
“California — the home of Big Tech and the societal ills it has brought — should not be dictating privacy and data security rules for the rest of the country,” House Committee on Energy and Commerce Ranking Member Cathy McMorris Rodgers, R-Wash., said in a public statement. “I have been clear for years now that federal preemption is essential in order to protect all Americans no matter where they live. Creating one national standard is necessary to achieving that goal.”
Reps. Fred Upton, R-Mich., and Billy Long, R-Mo., made clear during the July committee markup that they would need to reconsider their support for the ADPPA if the current preemption model was altered.
The level to which Pelosi’s stance affects the ADPPA’s chances will depend on what kind of agreement can be reached, if any, to soften preemption. The fact there is dialogue at all gives stakeholders some hope that Congress won’t lose six-plus months of momentum on the closest it has ever been to establishing a federal privacy law.
“This statement is a signal that the Speaker wants to ensure that the ADPPA builds on the standards set by California and does not impede the ability of California and other states to address rapid changes in technology in the future,” Electronic Privacy Information Center Executive Director and President Alan Butler said. “I think both of those issues are addressable, first through substantive tweaks to address issues of differences raised by the CPPA and others in California and possibly by modifications to the preemption provisions that would allow states to continue to be the laboratories of democracy in the future as technology evolves.”
Pelosi’s reluctance to move forward serves as a boost to continued arguments from California that the California Consumer Privacy Act and California Privacy Rights Act carry more strength than the proposed ADPPA. CPPA Executive Director Ashkan Soltani released a statement saying the regulator stands ready to contribute to talks between Pelosi and Pallone toward ensuring “federal privacy legislation sets a true floor for privacy protections and preserves the key role of the states to innovate, particularly in response to rapidly evolving threats to privacy.”
Wilmer Hale Partner Kirk Nahra, CIPP/US, opined that while Pelosi’s choice doesn’t spell the bill’s ultimate demise it may prove to be “a realistic end to a possibility of passing that law this year in general.” Nahra spoke of the “uphill struggle” the bill was facing regardless of a seamless House passage, pointing to the obstacle of opposition and dissatisfaction from U.S. Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell, D-Wash.
But IAPP Westin Emeritus Fellow and Goodwin Procter Partner Omer Tene said getting to the crux of Senate opposition and realizing what the proposed ADPPA could do for individuals in all 50 states requires Pelosi to call a vote.
“The Speaker stated that ‘Democrats won the right for consumers for the first time to be able to seek damages in court for violations of their privacy rights.’ Yet that right has not been won until ADPPA passes and it is currently held up because the Speaker won’t bring it to a floor vote,” Tene said. “While the Speaker is from California, consumers in 49 other states would benefit from the unprecedented protections in ADPPA. In fact, ADPPA provides stronger protections than those existing in California too.”
Addressing preemption hasn’t been and won’t be easy. When the initial discussion draft for the ADPPA was released, Pallone was clear there would need to be a degree of fluidity around preemption and the private right of action. But underlying factors that make the California laws so popular weren’t accounted for in the initial preemption calculus, according to Information Accountability Foundation Chief Policy Innovation Officer Martin Abrams.
“The California initiatives are much harder to set aside because they include citizen action and are examples of the law responding to new risks of adverse consequences,” Abrams said. “Neither the California law nor the federal legislation are perfect. … It would be great if global and federal standards existed, but digital technologies and methodologies are not static either and must be subject to enforceable controls.”
The initial calculus also bears the question of how the legislative process got this far with existing preemption provisions when there could’ve been interjection in months prior. Nahra pointed out the limitations around input after the discussion draft was released, noting how there was “a consensus among people participating in the consensus, but it wasn’t everyone who is relevant.”
Butler, whose organization along with other advocacy groups has engaged in any stakeholder opportunities that have been allowed under the legislative process, said the ever-changing political landscape also played a role in the developments that have led to a new stalemate.
“I don’t think it was possible at the outset to know if the ultimate deal would be able to run the legislative gauntlet,” Butler said. “And the politics have shifted dramatically since June given the results of special elections and the generic ballot measurements. So I think that has weighed in favor of giving close consideration to the bill, not trying to get everything done immediately.”
As for what a compromise looks like at this point, Abrams deemed the potential balancing act as “a political task” that will involve “a mostly preemptive standard that recognizes citizens’ interests, flexibility in a digital economy, and a means to enforce and oversee adverse consequences.” On the other hand, Nahra laid out the possibility that eventual preemption could still limit states once a deeper analysis of the current issues is conducted.
“I suspect there will be some real effort by all involved to answer a question that lots of people have been debating: What exactly is there about CCPA and CPRA that wouldn’t be addressed by ADPPA?” Nahra said. “The gap seems much smaller than what Pelosi’s comments would indicate. There is room for some creativity here. The option of a standstill period — five or 10 years — is a possibility, letting ADPPA some time to work itself out and then let states go above and beyond after that initial period.”
This white paper examines the progress made in Congress toward bipartisan agreement on privacy rights over the current legislative session, analyzing the 18 bipartisan federal privacy bills introduced in the 117th Congress.
View Here
Submit for CPEs
If you want to comment on this post, you need to login.
This white paper examines the progress made in Congress toward bipartisan agreement on privacy rights over the current legislative session, analyzing the 18 bipartisan federal privacy bills introduced in the 117th Congress.
View Here
The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, promote and improve the privacy profession globally.
The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.
© 2022 International Association of Privacy Professionals.
All rights reserved.
Pease International Tradeport, 75 Rochester Ave.
Portsmouth, NH 03801 USA • +1 603.427.9200