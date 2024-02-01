In 2023, an unprecedented surge in comprehensive state data privacy laws took the United States by storm, more than doubling the number of states with privacy laws. California remained a trailblazer, approving the final text of the California Privacy Rights Act regulations. The newly enacted laws across various states addressed critical aspects such as online privacy, data protection, and consumer rights, focusing on age verification for social media use, children's online privacy, health information, and consumer data protection. The push for these comprehensive data privacy laws marked a significant shift in the US's approach to data privacy.

Global Privacy and Data Protection Updates

This surge in privacy laws was part of a global trend. The MTCDPA, TIPA, OCPA, TDPSA, ICDPA, DPDPA, CCPA, CPRA, VCDPA, CPA, UCPA, CTDPA, GDPR, Digital Services Act, Digital Markets Act, EU U.S. Data Privacy Framework, and EU AI Act all saw important developments. The implications and enforcement dates of these laws, as well as specific requirements and penalties for non-compliance, kept businesses and professionals on their toes, underlining the importance of staying informed about data privacy laws.

Emerging Trends and Key Risk Areas

Over the past year, there were several emerging trends and key risk areas in data privacy and cybersecurity. The World Economic Forum identified cybersecurity as a global risk, and various regulations and enforcement efforts came into play in the US, China, EU, and UK. Key risk areas for businesses included children's privacy, biometric data, and targeted advertising, and there were several legal actions and proposed regulations related to data protection and cybersecurity.

Impact on Employment Counsel and HR Professionals

The comprehensive data protection laws passed in various US states significantly impacted employment counsel and HR professionals. While most states exempted HR data, organizations were broadly responsible for data protection, with specific thresholds for applicability varying across states.

International Transfer of Non-Personal Data

In the European Union, there was a focus on the international transfer of non-personal data. Regulations like the Data Localization Regulation 2018, the Data Governance Act, the Data Act, and the European Health Data Space provided critical guidelines. These laws aimed to protect EU intellectual property and prevent non-personal data from becoming personal data through re-identification.

Noteworthy Developments in the Field of Privacy

Among the noteworthy developments, Meta's plans to charge EU users monthly if they opted out of being tracked for online advertising raised questions about the future of the General Data Protection Regulation. California launched an investigative sweep targeting popular streaming apps for alleged noncompliance with the California Consumer Privacy Act. Amazon's warehouse management arm in France was penalized $32 million for violating the General Data Protection Regulation by excessively tracking employee productivity. Data broker Outlogic became subject to the Federal Trade Commission's first ban on the use, sale, or disclosure of sensitive location data. Retail pharmacy chain Rite Aid agreed to a five-year ban on its use of facial recognition technology for surveillance purposes. These developments underscored the increasing emphasis on privacy and data protection globally.