C.A.G. Insights

Recapping 2018—The year of Data Privacy

By Samie Leigh

Last year, General Data Protection Regulation (GDPR) went into effect in the European Union (EU) regulating and protecting data from individuals within the EU.  Large US companies operating abroad were forced to update their privacy policies and procedures and have opted to broaden the changes to individuals even outside the EU.  Although GDPR has already affected companies operating in the US, there is no equivalent US federal law in place to regulate individual data.

Instead, the privacy laws are enforced on a state level. California recently announced its own new privacy law, the California Consumer Privacy Act of 2018 (CCPA), that will go into effect in 2020.  Because many large companies operate in California as well as the EU, many of the practices in these regions will also extend to the remaining states.  However, the concern over data misuse on a national level continues to heighten as CEOs like Mark Zuckerberg and Sundar Pichai are called into question by Congress.

US Senator, John Thune, led a hearing last fall that examined the safeguards for consumer data privacy.  He expressed in his opening comments, “now we have arrived at a moment where, I believe, there is a strong desire by both Republicans and Democrats, and by both industry and public interest groups, to work in good faith to reach a consensus on a national consumer data privacy law that will help consumers, promote innovation, reward organizations with little to hide, and force shady practitioners to clean up their act.” Sen. Thune’s comments underscore the importance the Senate holds in developing a comprehensive national consumer data privacy law.

In recent efforts, at the close of the year, a draft Data Care Act by a group of 15 democratic senators proposes to hold companies accountable for exposing individual sensitive data to unauthorized access.  The proposed law would be enforced by the Federal Trade Commission (FTC).  If the law or a similar law passes, consumers in all states will have elevated protection from sensitive data exploitation under US federal law.  With the new Congress, it is yet to be seen whether a US version of GDPR will garner adequate bipartisan support to enact in 2019 and what the act will look like.