The global privacy landscape has continued to develop rapidly throughout the course of 2020. From Schrems II to the Coronavirus pandemic, the privacy industry has undergone significant changes and presented numerous challenges. As we celebrate Data Privacy Day 2021, we’re taking a look back at some of the key developments that shaped the global privacy landscape in 2020. 


Register today: Regional Data Privacy Day events on January 28 

From California Consumer Privacy Act to California Privacy Rights Act

The final regulations under the CCPA were issued by the California Attorney General in August and entered into immediate effect. In November however, a vote on Proposition 24 led to the California Privacy Rights Act (CPRA) passing. The CPRA will not become operative until January 1, 2023, which gives organizations time to prepare and adapt their programs.

Updates to Cookie Guidance

Across Europe, cookies were a focus area of the various data protection authorities in 2020. In April, the Irish DPC published its report and updated guidance on the use of cookies and similar technologies. The EDPB adopted its updated guidelines for consent in May. In June the Conseil D’Etat issued a decision that partially annulled the French Data Protection Authority’s (the CNIL) cookies guidelines – the CNIL have since revised their guidelines and have issued new recommendations. 

Updates to Artificial Intelligence Regulations 

Discussions around AI and privacy gained momentum in 2020 with the release of various proposals, strategies, white papers, and pieces of guidance. Although debates around AI and privacy are ongoing, authorities are beginning to release detailed guidance. Notably, the UK’s Information Commissioner’s Office (ICO) has released various materials, and there have been guidelines, frameworks, and proposals published by the Council of Europe, European Commission, in Dubai, Hong Kong, Singapore, and India, as well as more on the horizon. 

Register today: Regional Data Privacy Day events on January 28 

Adapting to the Privacy Challenges of a Pandemic 

One of the biggest challenges of 2020 has undoubtedly been the Coronavirus pandemic. The pandemic introduced a unique set of challenges for data privacy, including the rapid need to adapt to remote working, largescale development of contract tracing apps, and a widespread move towards enhancing privacy programs. 

The Introduction of the LGPD  

Brazil’s General Data Protection Law (LGPD) came into effect in September 2020 and bought with it a range of new obligations for organisations operating both within Brazil and extraterritorially. There are some similarities between the LGPD and the GDPR, and, generally speaking the LGPD is expected to have comparable impact for organisations. LGPD enforcement will not come into effect until August 1, 2021, but the courts already have relevant powers and fines have been issued for violations of the LGPD. 

Schrems II and the end of Privacy Shield

One of the most notable updates of the year has undoubtedly been the CJEU’s ruling on the Schrems II case, invalidating the EU-US Privacy Shield. The decision also cast doubt over the use of Standard Contractual Clauses (SCCs). In November, the EDPB released its guidance on supplementary measures for transfers and guidance on European Essential Guarantees. The following day, the European Commission released its revised SCCs, both of which were put out for public consultation. 

2020’s impact on privacy was notable, we saw amendments and proposals to update existing privacy legislation as well as seeing several new laws introduced or proposed – giving way to a whole host of new challenges.

Register for your OneTrust Data Privacy Day event to hear the latest discussion on our global privacy overview from 2020! Or join your local community chapter for some fun and games to put your privacy knowledge to the test. 

Further Reading for Global Privacy Overview: 2020:

Next steps on Global Privacy Overview: 2020: