May 28, 2022

Volume XII, Number 148

Advertisement
Advertisement

May 27, 2022

Subscribe to Latest Legal News and Analysis

May 26, 2022

Subscribe to Latest Legal News and Analysis

May 25, 2022

Subscribe to Latest Legal News and Analysis

Data Privacy Day Around the World on Data Privacy Day: January 28, 2022

By 2023, 65 percent of the world’s population will have its personal data covered under modern privacy regulations, up from 10 percent in 2021, according to a technology and consulting company. In light of this, 2022 will see regions such as the Asia Pacific region, Europe, the Middle East, and the United States introducing new data privacy and protection laws.

In celebration of Data Privacy Day, we are highlighting some of these laws as well as some global data privacy and protection questions, expectations, and trends that lie ahead in 2022.

Without further ado, below are some of the privacy laws from around the world that we anticipate will go into effect in 2022 or that recently went into effect.

Australia

2022 will see draft anti-trolling legislation, renewal of the Privacy Act 1988, and the introduction of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 to Parliament.

China

2022 will see numerous national-level and local-level laws regulating the processing of data and personal information, many of which have a cross-border element (e.g., the Administrative Regulations on Network Data Security and the Measures for Security Assessment of Cross-Border Data Transfer).

Germany

2022 welcomed Article 327q of the German Civil Code, which went into effect on January 1, 2022. Article 327q enhances consumer personal data protections.

India

2022 will likely see the passage of India’s Personal Data Protection Bill, 2019, which will cover both personal and nonpersonal data.

Ireland

2022 will see the commencement of the final sections of the Data Sharing and Governance Act 2019.

Israel

In 2022, two amendments to the Protection of Privacy Law, 5741-1981 may be enacted.

Japan

On April 1, 2022, amendments to the Act on the Protection of Personal Information will go into effect.

Qatar

On May 21, 2022, the Data Protection Regulations 2021 and the Data Protection Rules 2021 will take effect.

South Korea

2022 will likely see significant amendments to the Personal Information Protection Act.

Sri Lanka

In 2022, the Act to Provide for the Regulation of Processing of Personal Data may go into effect.

Switzerland

In 2022, the revised Swiss Federal Act on Data Protection and its revised ordinances are expected to go into effect.

Thailand

In 2022, the Personal Data Protection Act 2019 may go into effect.

Turkey

2022 may see amendments to the most controversial provisions of the Law on Personal Data Protection (Law No. 6698).

European Union

2022 will see a wave of data protection legislation, including the Digital Services Act and Digital Markets ActData Governance ActePrivacy RegulationNIS II Directive (Security of Network and Information Systems), Artificial Intelligence Act, and the Data Governance Act.

United States

Several privacy laws will go into effect within the next 18 months in California (the California Privacy Rights Act (CPRA), which is effective on January 1, 2023), Colorado (the Colorado Privacy Act (CPA), which is effective on July 1, 2023), Virginia (the Consumer Data Protection Act (CDPA), which is effective on January 1, 2023), and New York (the Employee Monitoring and amendment to the New York Civil Rights Law), which is effective on May 7, 2022. In addition, privacy rights legislation is under consideration in the following states:

The Big Questions, Expectations, and Trends for 2022

The big questions

  • Will 2022 see a comprehensive U.S. federal privacy law?

  • Will the UK’s data adequacy decision remain valid?

  • Will 2022 be the year the cookie jar is emptied? Will there be a cookie-less future?

The expectations

Employers can expect the following developments in 2022.

  • More General Data Protection Regulation (GDPR) enforcement;

  • Results from the UK government’s consultation on the data reform, which may result in new legislation during 2022;

  • The UK government may be advancing its own program of data adequacy partnerships with Australia, Colombia, Dubai International Finance Centre, Singapore, South Korea, and the United States;

  • The results from the UK Information Commissioner’s Office (ICO) consultation on the draft international data transfer agreement (IDTA) and guidance, which replace Standard Contractual Clauses (SCCs);

  • More clarity on international data flows following an Austrian Data Protection Authority (“Datenschutzbehörde” or “DSB”) ruling that the use of search engine analytics violates the “Schrems II” decision; and

  • A harmonized position across Europe and the United Kingdom on the processing of COVID-19 vaccination data in the workplace.

The trends

Here are some trends that have emerged have data privacy legislation and court decisions.

  • Organizations may start striving to amend contracts; whilst the old SCCs were repealed on 27 September 2021, organizations have a grace period until December 27, 2022, to amend contracts executed before September 27, 2021;

  • The rise of transfer impact assessments: the new SCCs require data exporters to conduct an assessment of the laws and practices of the third country of destination that are applicable to personal data transferred;

  • Further regulatory scrutiny on privacy notices following the Digital Preservation Coalition (DPC) imposing a fine of €225 million on an app for failing to discharge its transparency obligations under the GDPR in the context of its privacy notice.

  • Further regulatory scrutiny on data minimisation following the DPC’s decision in a December 2020 case coupled with a complaint filed against a dating app for requesting excessive information from individuals when exercising their GDPR rights;

  • A rise of data protection of children and other vulnerable groups, for example, through the use of end-to-end encryption technologies (which the ICO’s position advocates) and various regulatory strategies (such as Ireland’s Data Protection Commission’s (DPC) Regulatory Strategy for 2022-2027); and

  • A rise of claims related to privacy and data protection, in particular, data breach claims following the likely rise of ransomware attacks.

© 2022, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.National Law Review, Volume XII, Number 28
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Associate

Salvatore specializes in data protection and privacy law. He supports clients across the world with their regulatory data privacy compliance. He works with partners and associates across Ogletree Deakins’ international network to advise clients on the impact of global data privacy laws, the complexities of international transfers, and the practical steps for compliance solutions to the myriad data protection laws. He also writes a personal blog on data privacy and technology, which features regular data protection, privacy and security legal updates to help his readers...

44(0) 207 822 7632
Advertisement
Advertisement
Advertisement