December 22, 2021
Top 10 Privacy Moments of 2021: 6-4
4 Min Read
There have been plenty of developments in the privacy world to keep track of over the past 12 months. As the end of the year approaches we take a look back at some of the developments that had the biggest impact on the privacy landscape. In the first installment of this series, we took a look at developments in Brazil, the APAC region, the Middle East, and Quebec. In this installment, we will look into what has happened this year regarding cookies, the EU Whistleblowing Directive, and US state privacy laws.
Top 10 Privacy Moments of 2021: 6-4
Cookies and similar technologies have again remained a hot topic this year despite a lack of movement with the draft ePrivacy Regulation.
The CNIL has been enforcing the implementation of their guidelines and final recommendations on cookies and other trackers which entered into force in March. The CNIL’s final guidelines included key principles including the recommendation to integrate a ‘Refuse All’ option, instead of a preference management option on the same information layer as an ‘Accept All’ option.
In December, the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG) entered into force. The TTDSG consolidated the Telemedia Act 2007 and Telecommunications Act 1996 as well as implemented cookie consent requirements in accordance with Article 5(3) of the ePrivacy Directive in response to the CJEU’s ruling in the Planet49 case.
- OneTrust DataGuidance Portal: Cookies and Similar Technologies
- OneTrust Solutions: OneTrust Cookie Consent
- OneTrust Webinar: Cookies & Tech 2021 Round-Up: Italy, California, Global Privacy Control, Third-Party Cookies & More
EU Whistleblowing Directive
The deadline for Member State implementation of the EU Whistleblower Directive passed on December 17, 2021. Member States had until this date to transpose the directive into national legislation. The Directive entered into force on December 16, 2019, giving Member States two years to transpose the Directive into national law. However, just a month before this deadline there were still jurisdictions in the region that hadn’t started the implementation process. The EU Whistleblowing Directive sets out a common minimum standard for the protection of whistleblowers across Europe and gives individuals working in private or public organizations the ability to report breaches of EU law in a workplace context without fear of retaliation.
- OneTrust DataGuidance Portal: EU Whistleblowing Directive
- OneTrust DataGuidance Infographic: EU Whistleblowing Directive
- OneTrust DataGuidance Webinar: The EU Whistleblower Directive Deadline is Approaching: Are You Ready?
US State Laws
Throughout 2021 we have seen plenty of activity with respect to US State Privacy Laws. Across the US, many privacy bills were introduced to state legislatures, however, only a handful made it through into law. Notably, privacy bills in states such as Florida, Washington, and New York all died on the legislative calendar this year.
There were some success stories to shout about, however – Back in March, the Virginia Consumer Data Protection Act (CDPA) was signed into law by the State Governor becoming the next state since California to introduce a comprehensive privacy law. The CDPA will introduce increased protection for consumer data and establishes a range of data subject rights, among other things. The CDPA will enter into effect on January 1, 2023.
In July, Colorado followed suit and passed its own comprehensive privacy legislation, the Colorado Privacy Act (CPA). Like the CDPA, the CPA will introduce several new consumer rights and outlines a range of key definitions, including Controller and Processor. The CPA will enter into effect on July 1, 2023.
And, if you wanted another initialism to add to the list, the California Privacy Protection Agency (CPPA) held their inaugural board meeting this year and launched a public consultation on proposed rulemaking under the California Privacy Rights Act (CPRA).
At a federal level, there have been many attempts to introduce privacy bills through 2021. One of these being the draft Control Our Data Act which, if passed, would set clear rules for protecting consumers’ data privacy on a national scale.
- OneTrust DataGuidance Comparison: US State Law Tracker
- OneTrust DataGuidance Portal: Virginia CDPA
- OneTrust DataGuidance Portal: Colorado CPA