Top 10 Privacy Moments of 2021: 6-4 
Top 10 Privacy Moments of 2021: 6-4 ...

Top 10 Privacy Moments of 2021: 6-4 

Countdown the 10 biggest privacy developments of the past 12 months.

clock4 Min Read

Featured Image

There have been plenty of developments in the privacy world to keep track of over the past 12 months. As the end of the year approaches we take a look back at some of the developments that had the biggest impact on the privacy landscape. In the first installment of this series, we took a look at developments in Brazil, the APAC region, the Middle East, and Quebec. In this installment, we will look into what has happened this year regarding cookies, the EU Whistleblowing Directive, and US state privacy laws.  


Download the report - Data privacy in 2021

Top 10 Privacy Moments of 2021: 6-4 

  1. Cookies

Cookies and similar technologies have again remained a hot topic this year despite a lack of movement with the draft ePrivacy Regulation.  

The CNIL has been enforcing the implementation of their guidelines and final recommendations on cookies and other trackers which entered into force in March. The CNIL’s final guidelines included key principles including the recommendation to integrate a ‘Refuse All’ option, instead of a preference management option on the same information layer as an ‘Accept All’ option.  

In December, the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG) entered into force. The TTDSG consolidated the Telemedia Act 2007 and Telecommunications Act 1996 as well as implemented cookie consent requirements in accordance with Article 5(3) of the ePrivacy Directive in response to the CJEU’s ruling in the Planet49 case.  

In February, the Council of the European Union announced that it had agreed on a negotiating mandate. Negotiations will now commence with the European Parliament on the agreed text. Elsewhere in Europe, guidelines on the use of cookies were also issued in ItalyFinland, and Luxembourg.  

Further resources: 

  1. EU Whistleblowing Directive

The deadline for Member State implementation of the EU Whistleblower Directive passed on December 17, 2021. Member States had until this date to transpose the directive into national legislation. The Directive entered into force on December 16, 2019, giving Member States two years to transpose the Directive into national law. However, just a month before this deadline there were still jurisdictions in the region that hadn’t started the implementation process. The EU Whistleblowing Directive sets out a common minimum standard for the protection of whistleblowers across Europe and gives individuals working in private or public organizations the ability to report breaches of EU law in a workplace context without fear of retaliation.  

Further resources: 

  1. US State Laws

Throughout 2021 we have seen plenty of activity with respect to US State Privacy Laws. Across the US, many privacy bills were introduced to state legislatures, however, only a handful made it through into law. Notably, privacy bills in states such as Florida, Washington, and New York all died on the legislative calendar this year.  

There were some success stories to shout about, however – Back in March, the Virginia Consumer Data Protection Act (CDPA) was signed into law by the State Governor becoming the next state since California to introduce a comprehensive privacy law. The CDPA will introduce increased protection for consumer data and establishes a range of data subject rights, among other things. The CDPA will enter into effect on January 1, 2023.  

In July, Colorado followed suit and passed its own comprehensive privacy legislation, the Colorado Privacy Act (CPA). Like the CDPA, the CPA will introduce several new consumer rights and outlines a range of key definitions, including Controller and Processor. The CPA will enter into effect on July 1, 2023. 

 And, if you wanted another initialism to add to the list, the California Privacy Protection Agency (CPPA) held their inaugural board meeting this year and launched a public consultation on proposed rulemaking under the California Privacy Rights Act (CPRA). 

At a federal level, there have been many attempts to introduce privacy bills through 2021. One of these being the draft Control Our Data Act which, if passed, would set clear rules for protecting consumers’ data privacy on a national scale.   

Further resources:  

Follow OneTrust on LinkedInTwitter, or YouTube for the latest privacy developments.

You Might Also Be Interested In

NOVEMBER 17, 2022

The role of disclosures in risk assessment and mitigation 

NOVEMBER 15, 2022

US climate risk rule could affect more than 5,700 federal suppliers

NOVEMBER 14, 2022

The COP27 climate summit: What to expect and why it matters

NOVEMBER 10, 2022

CSRD update: EU approves new ESG disclosure rules

NOVEMBER 9, 2022

SOC 2: Starting your audit process

NOVEMBER 9, 2022

3 steps for mitigating the impact of ransomware attacks through data discovery

NOVEMBER 8, 2022

Department of Justice: 2022 Updates to Corporate Compliance Guidance 

NOVEMBER 3, 2022

CCPA regulations: A timeline of amendments

Onetrust All Rights Reserved