In today’s time, globally data privacy is being recognized as one of the most valuable assets of organizations and triggering the need for a stringent level of data protection. 2020 is set to become a momentous year for data protection legislation across the globe, with the enforcement of the California Consumer Privacy Act (CCPA) likely to grab headlines and set the tone for further US legislation at the state and federal levels. New data protection legislation also came into force in Brazil and Thailand. Countries such as India and South Korea joined the global movement, for stricter data protection laws.
The year 2020 kicked off with a bang on 1st January as the California Consumer Privacy Act (CCPA) officially came into force. While the CCPA cannot be enforced by the California Attorney General (AG), the final regulations might be promulgated on 1st July 2020; Attorney General Xavier Becerra has stated that the CCPA compliance deadline remained 1st January. This means that enforcement will be applied retroactively by the Attorney General, covering violations dating back to 1 January 2020. The CCPA gives consumers a private right of action and statutory damages against businesses that suffer data breaches due to a failure on their part to implement and maintain reasonable security procedures and practices. The private right of action, however, applies only to some of the categories of personal information as defined under California’s breach notification statute, not the CCPA.
Another two significant data protection laws coming into effect in 2020 are Brazil’s Lei Geral de Protecao de Dados (LGPD) and Thailand’s Personal Data Protection Act (PDPA). The LGPD, closely modeled after the EU’s General Data Protection Regulation (GDPR), will come into force on 15 August 2020 and will apply to all companies that handle the personal information of Brazilian residents, whether they are physically located within the country or not. With the provisions providing for the creation of the Autoridade Nacional de Proteção de Dados (ANPD), the body tasked with enforcing the new legislation, finally promulgated in 2019, the LGPD is now set to follow in the steps of the GDPR.
Several data protection legislation initiatives are likely to go through the final approval stages in 2020. Most prominent among these are one of India’s Personal Data Protection Bill, 2020. The Bill has been referred to a Joint Parliamentary Committee for detailed examination, and the report is expected by the Budget Session, 2020. The Bill seeks to provide for the protection of personal data of individuals, create a framework for processing such personal data, and establishes a Data Protection Authority for the purpose.
On 9 January 2020, South Korea introduces 3 major Amendments in the Personal Information Protection Act (‘PIPA’), the Act on the Promotion of Information and Communications Network Utilization and Information Protection (‘Network Act’) and the Act on the Use and Protection of Credit Information (‘Credit Information Act’).
The Amendments largely aim to: ü Minimize the burden of redundant regulatory activities and confusion among regulated persons stemming from previously overlapping data privacy regulations and multiple supervisory bodies; and ü Develop a ‘data economy’ by introducing the concept of ‘pseudonymized data’ and a legal basis upon which data may be utilized more flexibly (to an extent reasonably related to the original purpose of collection).
- DO I NEED PRIVACY FOR MY APPLICATION?
- Adhering to the law
- Staying above board with third-party distributors
- Building trust with consumers
- Making more money (and keeping it)
- European Union: General Data Protection Regulation (GDPR)Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
- USA: The California Online Privacy Protection Act (CalOPPA) and The California Consumer Privacy Act (CCPA)
- UK: Data Protection Act 1998(DPA)
To circumvent loopholes like these, regulations were put into a place to ensure that the consumers had easy access to Privacy Policies that may concern personal data. These two laws are the pertinent regulations that apply to most online businesses:
- GDPR– Europe’s General Data Protection Regulation can be enforced on any company that collects personal information from European residents. The GDPR states the following regarding Privacy Policies:
Beyond these specific requirements, regulations like the GDPR and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) also requires that consumers should be informed of how their information is used when they give their consent for data processing.
This article has provided information about the law designed to help our readers better understand the legal issues surrounding internet marketing. But legal information is not the same as legal advice, the application of the law to an individual’s specific circumstances. Although we have researched to better ensure that our information is accurate and useful, we insist that you consult a lawyer if you want professional assurance that our information, and your interpretation of it, is accurate. To clarify further, you may not rely upon this information as legal advice, nor as a recommendation or endorsement of any particular legal understanding.