Updated: May 10
It’s only the second week of January 2023, and things are already heating up fast in the data privacy world. We all knew this would be “the year of data privacy,” but even for people who were prepared, the swift enforcement, amendments to existing privacy laws, and discussion of forthcoming ones are shocking in volume.
When are these new data privacy laws coming into effect?
Virginia Consumer Data Privacy Act (VCDPA) – January 1, 2023
California Privacy Rights Act (CPRA) – July 2023
Connecticut Data Privacy Act (CTDPA) – July 1, 2023
Colorado Privacy Act (CPA) – July 1, 2023
Utah Consumer Privacy Act (UCPA) – December 31, 2023
These dates are essential to keep an eye on because most laws now include a right-to-cure clause. That means business and website owners will be notified of non-compliance and be given a certain number of days to correct their practices before the process of a lawsuit begins.
However, those clauses have an expiration date – most of them in 2024. And just like 2023 snuck up on us, 2024 is bound to do the same.
What’s the scoop on data privacy enforcement so far this year?
We’re seeing a major uptick in activity on laws surrounding children’s data privacy, predictive software, deceptive practices, and data breaches. Here are a few of the hot topics from this week:
Facebook and Instagram are tightening their restrictions around ads that target teenagers. This makes sense, considering most platforms have age limits to use their products legally, the youngest being 13. That being said, many young children are using devices and social media – and as of yet, there are no specific provisions in existing laws except that the younger crowd must gain explicit consent from their parent or guardian.
YouTube and Google are currently embroiled in an ongoing lawsuit regarding children’s data privacy – and some big names are being called out. DreamWorks, Hasbro, Mattel, Cartoon Network, and more are all on the hook for targeted advertising toward children through data that was harvested on YouTube and Google platforms.
The Federal Trade Commission (FTC) also takes children’s data privacy seriously. With extra scrutiny around “dark patterns” in design that aim to fool users into agreements they can’t comprehend or can quickly scoot around, marketers, website owners, and businesses need to be extra careful. Compliance by design is a much easier – and safer path forward.
Meta is in the news again – but they’re the ones filing a lawsuit this time. A company called Voyager Labs claimed it could predict future crimes based on an individual’s social media activity and partnered with the LAPD in an attempt to do so. As you can imagine, this did not go well. If you watched Minority Report in 2002, you might have seen this coming. What does this have to do with children’s data? Remember the longer someone is on social media, the more data companies can gather about them over a lifetime. That’s scary!
The FTC finalized its ruling against Drizly. The liquor delivery company suffered a data breach exposing 2.5 million customers’ personal information – but that’s not the worst. Data breaches happen, but what Drizly did next was the final nail in the coffin. Not only did they claim they had appropriate security measures in place, but they also did not take action to update their existing systems after being alerted of a breach in 2020. While there is no fine associated with the ruling, Drizly must now abide by strict data governance rules. One slip-up, and their reputation will be ruined permanently.
Outside the United States, Germany has announced that it will now require Google to give users more control over where their data is stored and shared. This is a big hit for Google, a company that relies heavily on user data to make its product work. What will they do? Only time will tell.
How can my business stay compliant?
With so many laws coming into effect, and so many already being enforced, it’s more important now than ever to create a comprehensive plan to move your business forward. Data privacy can seem scary, but it doesn’t have to be complicated. A good Consent Management Platform (CMP) can get you right where you need to be – without spending hours studying the law.
Try Adzapier’s CMP and get 14 days of stress-free compliance on us. Schedule a demo with one of our privacy experts and they’ll get you up and running within 30 minutes. It’s still the beginning of the year. Like the old proverb says: “The best time to plant a tree was 20 years ago; the second-best time is now.”