October 24, 2020

Volume X, Number 298

Advertisement

October 23, 2020

Subscribe to Latest Legal News and Analysis

October 22, 2020

Subscribe to Latest Legal News and Analysis

October 21, 2020

Subscribe to Latest Legal News and Analysis

CIPL Publishes Concept Paper on an Interstate Privacy Interoperability Code of Conduct

The Centre for Information Policy Leadership at Hunton Andrews Kurth (“CIPL”) recently published a concept paper titled Why We Need Interstate Privacy Rules for the U.S.

The paper acknowledges the possibility that the U.S. may not implement a comprehensive federal privacy law in the near future, and that instead a growing patchwork of state laws will emerge. It proposes an interstate privacy interoperability code of conduct or certification as a solution to the possibility of inconsistent and disparate privacy requirements across the U.S. The paper outlines the benefits and key features of the code, as well as potential models and sources for its structure and substantive rules, such as the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (“APEC CBPR”), ISO standards, existing state privacy laws, the EU General Data Protection Regulation (“GDPR”) and key federal privacy proposals. It also discusses the process that could be used to develop the code.

In particular, the paper identifies the following key features and benefits of a code:

  • It would create a set of common data privacy and security standards that organizations could implement for their business in the U.S;
  • It would provide enhanced transparency, legal certainty and consistent privacy protections for all Americans;
  • It could be recognized in states’ privacy laws, as well as in a future federal privacy law;
  • It would provide cross-sectoral functionality both at the federal and state levels if the sectoral approach to privacy regulation continues in the U.S.;
  • Participation would be voluntary and, as in the APEC CBPR, it could include third-party certification that an organization’s privacy practices align with the code;
  • It could be used as a blueprint for future state laws and eventually for a comprehensive federal privacy law;
  • It could provide a safe harbor for compliance with state (or federal) privacy laws;
  • Third-party certifiers would provide frontline oversight, complaint-handling and enforcement functions vis-à-vis participating organizations, thereby easing the enforcement burdens on state attorneys general and other relevant enforcement authorities; and
  • Compliance with the code could be leveraged to obtain certification under other similar international mechanisms for cross-border transfer or compliance purposes and might function as an “additional safeguard” for companies transferring data to the U.S. on the basis of standard contractual clauses in the wake of the Court of Justice of the European Union’s recent decision that invalidated the EU-U.S. Privacy Shield.
Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 273
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement