In March 2023, the UK government published the Data Protection and Digital Information (No. 2) Bill (the bill). If enacted, the bill will introduce significant changes to the UK’s data protection laws, with the aim of introducing a simple, clear, and business-friendly framework, while maintaining high data protection standards.
Colorado AG’s Office Announces Final Colorado Privacy Act Rules: Key Takeaways
On March 15, 2023, the Colorado Attorney General’s (Colorado AG) office released the final version of the Colorado Privacy Act (ColoPA) rules (the final rules), which are based on public comments on the third version of the rules published on January 27, 2023. The final rules were published in the Colorado Register on March 25, 2023. While the final rules are substantially similar to the third version of the proposed rules, there are several notable revisions companies should consider as part of their compliance efforts. Below are some key takeaways from the changes in the final rules.
EU Privacy Regulators Coordinate to Assess Compliance with the GDPR Rules on Data Protection Officers
On March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions to inquire about their designation and position in their respective organizations. The DPAs will also investigate compliance with the DPO-related requirements and follow up on ongoing formal investigations. Organizations should consider reviewing their compliance with the General Data Protection Regulation (GDPR) requirements on DPOs in light of the upcoming DPA wave of enforcement.
White House Releases National Cybersecurity Strategy: Key Takeaways for the Private Sector
On March 2, 2023, the White House released its National Cybersecurity Strategy (the Strategy). The Strategy sets out ambitious goals for the federal government to hold countries accountable for irresponsible behavior in cyberspace and to disrupt the networks of criminals behind cyberattacks. It also seeks to establish, harmonize, and streamline regulations to secure critical infrastructure, as well as shift liability to those it considers to be best positioned to implement cybersecurity, such as owners and operators of the systems that hold consumer data and the technology providers that build and service these systems. The role of the private sector and collaboration between the public and private sectors are prominent themes throughout the Strategy, as is international collaboration.
FTC Announces Settlement with BetterHelp for Disclosing Consumers’ Health Information to Third-Party Advertisers
EDPB Issues Guidance on Cookie Banners
In January 2023, the European Data Protection Board (EDPB) published a report on cookie banners (Report). The Report provides practical guidance to companies doing business in the EU on how to comply with the EU cookie rules. It deals with issues such as reject-all buttons, pre-ticked boxes, banner design, and withdrawal icons. The Report is helpful for companies looking to implement a baseline approach to cookie compliance across the EU.