The Latest Privacy & Data Protection News for April 2023

There were quite a few developments in privacy this month such as Iowa’s passage of SF262 and the release of Colorado Privacy Act rules. We will continue tracking this law and the rules and will make updates to policies as needed to reflect the newly required disclosures. We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field. 

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. Iowa passes comprehensive state privacy law.  Iowa has joined the ranks of states such as California, Virginia, Utah, Colorado and Connecticut by passing its own comprehensive privacy law, Iowa SF262. The law will go into effect in 2025 and will provide certain privacy rights to residents of Iowa. The law will also require certain businesses to have a comprehensive Privacy Policy that provides certain disclosures. Learn more about this new law in our Iowa SF262 Compliance Guide. 
2. France’s Data Protection Authority fines scooter company over geolocation data collection. CNIL has fined the rental scooter company Cityscoot 125,000 euros for collecting and maintaining geolocation data of the scooters. The fine was implemented due to the fact that the company failed to inform users of such collection and obtain their consent and failed to comply with data minimization and contractual framework obligations under GDPR. Learn more here.
3. Arkansas files lawsuits against TikTok and Meta. The state of Arkansas has filed lawsuits against TikTok and Meta alleging that TikTok failed to protect minors from being shown indecent content. Meanwhile, the state’s lawsuit against Meta alleges that it utilized Facebook to maximize the amount of time that young individuals spend on Facebook. The lawsuits were brought against the companies for violations of the state’s Deceptive Trade Practices Act. Read more here.  
4. UK DPA reform bill analysis. The UK Regulatory Policy Committee offered its opinion on the proposed reform of the UK’s privacy law. The opinion examined the latest draft of the bill, including its amendments for the scientific research exemption, legitimate interest – based processing and use of existing data transfer mechanisms. Read more here. 
5. The EU Data Act progresses forward. Member states of the European Union have reached a common position on the proposed Data Act. Negotiations regarding the Act will not move forward to the Council of the European Union and the European Parliament. The purpose of the Data Act is to contribute to creating a single market to allow data to flow freely within the EU and across sectors. Read more here. 
6. TikTok CEO questioned by Congress. After multiple bills have been introduced to ban TikTok from the Apple and Google Play stores, members of Congress questioned the CEO of TikTok regarding the company’s security practices and whether TikTok shares personal data with the Chinese Communist Party. Watch the hearing here.
7. Amazon sued for alleged violations of the New York City biometrics law. A resident of New York is suing Amazon for allegedly failing to notify consumers via a clear and conspicuous sign near the entrance that their biometric information may be collected at the Amazon Go store. Learn more here.  
8. Meta Pixel found to be in violation of GDPR. The Austrian Data Protection Authority found that the Meta Pixel directly violates GDPR due to the fact that it transfers personal data from the European Union to the United States. The DPA advised businesses that need to comply with GDPR to stop using the Meta Pixel. Read more here. 
9. Colorado Privacy Act rules published. Colorado has published the rules that help interpret the Colorado Privacy Act. The rules will go into effect on July 1, 2023 and will make changes to the disclosures that need to be included in Privacy Policies. The rules also provide information on how to respond to requests to exercise privacy rights, and information regarding a universal opt-out mechanism. Read more here. 
10. Canada’s federal privacy reform moves forward. The House of Commons of Canada plans to open debate on Bill C-27, which would reform the country’s privacy law. Learn more here. 

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

Here are links to each respective proposed privacy bill:

• Georgia – GA HB798;
• Hawaii – HI SB1110/HB1497;
• Hawaii – HI SB 974;
• Illinois – IL HB3385;
• Indiana – IN SB5;
• Indiana – IN HB 1554;
• Iowa – IA House File 2506;
• Iowa – IA House Study Bill 12;
• Kentucky – KY S 15;
• Maryland – MD HB807;
• Massachusetts – MA HD2281/SB745;
• Massachusetts – MA HD3263/SD1971;
• Mississippi – MS SB 2080;
• Minnesota – MN SF950;
• Montana – MT DB1086;
• New Hampshire – NH SB255;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• New Jersey – NJ S 332;
• New Jersey – NJ A505;
• New Jersey – NJ A 1971;
• Oklahoma – OK HB1030;
• Tennessee – TN SB73;
• Pennsylvania – PA HB708;
• Washington – WA HB1616;
• West Virginia – WV HB3453;
• Vermont – VT HB121

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. Cross-Border Institute: The Intersection of Global Discovery, Privacy and Data Security – July 20 – July 21; 
2. Cloud/Privacy/AI: Trends and Legal Implications – April 27; 
3. Privacy by Design: More than just a catchy phrase – April 13.

If you made it this far, there’s a good chance you just can’t get enough of privacy. Be sure to subscribe to our podcast, Privacy Lawls, where we talk privacy with some of the leaders in the industry.