The second quarter of 2022 offered plenty of positing on privacy, both in the U.S. and internationally. In the U.S., we saw the addition of another state privacy law, and a spark of hope in privacy professionals’ eyes with the introduction of tangible federal legislation. Plus, the Federal Trade Commission (FTC) is positioned to act on rulemaking like never before. In the EU, the GDPR’s fourth anniversary served as a chance for real reflection on its successes and failings, while criticism of the current enforcement approach continues to roll in. Lastly, Canada tried again to introduce legislation to revamp its outdated privacy law, and the country’s long-standing privacy commissioner passed the baton.

Looking at the US

Connecticut kicked off Q2 in style, becoming the fifth state to enact a privacy law. Adding to the ever-expanding patchwork of U.S. privacy laws, An Act Concerning Personal Data Privacy and Online Monitoring, also known as the Connecticut Data Privacy Act (CTDPA), provides consumers with access, deletion, rectification and certain opt-out rights; includes provisions prohibiting “dark patterns”; and requires companies to honor a global opt-out mechanism. Effective July 1, 2023, CTDPA is considered to be operable with other state laws, following trends presented in previously enacted state laws and offering little divergence.

The second quarter has offered the most exciting time for federal privacy in recent history. While lawmakers have filed countless bills in the past years, none have captured the attention of the privacy community quite like the bipartisan, bicameral proposal called the American Data Privacy and Protection Act (ADPPA). Offered by three of the four committee leaders that handle privacy matters, the ADPPA presents a compromise on two intractable obstacles to passing legislation in the US — preemption of state laws and the private right of (Read more...)