In the wake of Data Privacy Day, American businesses are facing increasing regulatory pressure when it comes to protecting personal data. In November, California voters approved the California Privacy Rights Act (CPRA), which modifies and enhances the existing California Consumer Privacy Act (CCPA). CPRA creates a dedicated enforcement agency, it broadens the definition and responsibilities around “sensitive personal information,” children’s data and data retention policies, and it adds more consumer rights options.
Meanwhile, a ruling in a European court in the summer called “Schrems II” has created significant uncertainty and risk with regard to transatlantic data transfers and compliance with the EU’s General Data Protection Regulation (GDPR), which applies to data that can uniquely identify EU citizens.