The first months of 2022 began slowly for privacy, but by the end of the first quarter we had our marching orders for the rest of the year. In the U.S., we saw an explosion of state privacy bills being put forward (again), the Senate utilized a seldom used maneuver to push President Biden’s Federal Trade Commission nominee through to confirmation, and Utah became the fourth state to enact comprehensive privacy legislation. In the EU, we witnessed developments with the Data Markets Act and Data Services Act, pushing the region’s digital strategy forward, and a last push between the EU and U.S. proved negotiations on a transatlantic data flow has finally found traction.

Looking at the U.S

Similar to what has come before (but different enough to make compliance challenging), Utah delivered its Consumer Privacy Act on March 5. With close to 30 states considering privacy this year, it has become quite clear that until privacy moves on a federal level, states will take it upon themselves to create a patchwork of privacy across the U.S. Keeping in line with Virginia’s business-friendly approach to privacy requirements, Utah extends most (but not all) standard data subject rights, introduces obligations on controllers and processors, and follows Virginia’s lead with numerous exemptions and conditions.

While 2021 saw a real organizational boost for the Federal Trade Commission, this year has been fraught with gridlock. After months of waiting for confirmation of its final member, Alvaro Bedoya, the Senate issued a discharge petition and voted on March 30 (51-50) to bypass the Commerce Committee. Now moving to a floor vote, Bedoya’s confirmation is expected to be swift. In addition to simply filling out the membership of the FTC, confirming Bedoya will give FTC Chair Lina Khan the partisan majority she (Read more...)