The FCBA Privacy and Data Security Committee and the American Bar Association’s Forum on Communications Law will hold the 16th Annual Privacy & Data Security Symposium on Tuesday, November 16 from 2:00 – 6:00 p.m. ET. This program will be held virtually via the Zoom platform.
A comprehensive, omnibus privacy law has long been on the table in Congress, but it never seems to make it to the House or Senate floor. While such legislation progresses in fits and starts, other government bodies have been flexing their authority to regulate the privacy practices of U.S. businesses. In the past few years, several states have passed omnibus privacy legislation or laws targeted to address specific privacy issues, and more are expected. At the federal level, the Federal Trade Commission (FTC) has given increasing signals that it will take a more aggressive stance against consumer privacy harms. Beyond the U.S.’s borders, other countries have started to follow the lead of the European Union in adopting comprehensive privacy laws.
These actions sometimes overlap, but often diverge, leaving businesses—and the legal professionals that serve them—reeling as they attempt to keep up. This event will take a deeper dive into this evolving landscape, examining the latest developments in the states, at the FTC, and abroad and exploring how U.S. companies can implement policies and procedures that meet the expanding expectations of the these varying regimes in the dynamic data ecosystem.
If you are an ABA Forum on Communications Law member, please contact Elizabeth Hagerty at firstname.lastname@example.org to register.
Click here to sponsor. Sponsorship of the event is available for $1,000 and includes one complimentary registration for the symposium. Sponsors cannot register online.
The FCBA has applied for 3.5 hours of MCLE credit from the VA Bar. This program has not yet been approved.
Speakers and panelists to be announced.
2:00 – 2:05 p.m. Welcome and Introduction
2:00 – 2:25 p.m. Keynote Address
2:25 – 3:30 p.m. Session I: The Growing Patchwork of State Privacy Laws
Without a comprehensive privacy law at the federal level, states have continued to consider and adopt laws to regulate privacy. In 2018, California was the first state to adopt omnibus legislation: the California Consumer Privacy Act (CCPA). This was followed by the California Privacy Rights Act of 2020 (CPRA), approved by California voters that year. In 2021, Virginia and Colorado followed suit by enacting their own omnibus privacy laws, which will go into effect in 2023. In addition to these omnibus frameworks, targeted state privacy laws are affecting how companies do business, including laws that govern biometrics, online privacy, and ISP privacy. State Attorneys General have been active implementing and enforcing their privacy laws, as well as unfair and deceptive acts and practices that affect consumer privacy. As national companies contend with the growing patchwork of state privacy frameworks, this panel will discuss the various laws, rulemaking activity, enforcement trends, and legislative proposals that should inform an organization’s compliance strategies and planning.
3:30 – 3:40 p.m. Break
3:40 – 4:45 p.m. Session II: How the FTC is Filling the Federal Privacy Law Void
In the absence of an omnibus federal privacy law, the FTC remains the leading arbiter of how companies must protect the privacy of consumers across the U.S. With its new and incoming leadership, the agency seems poised to significantly expand its efforts, which could have substantial implications for businesses. In March, the agency launched a new team to handle rulemakings, and the commissioners voted to streamline the FTC’s rulemaking procedures in July, which together are expected to smooth the way for comprehensive FTC privacy rules. Agency leadership has also signaled that it will use its existing authority to enforce against unfair and deceptive acts and practices that harm consumer privacy before new rules are adopted. Additionally, the FTC is expected to continue its robust enforcement of the Children’s Online Privacy Protection Act (COPPA) and its COPPA rules, which the agency may soon update. This panel will explore these developments and what they mean for businesses and consumers.
4:45 – 4:50 p.m. Break
4:50 – 6:00 p.m. Session III: Going Global—International Data Protection in a Connected World
International data privacy never rests. International developments have started shaping the daily operations of U.S. businesses. These data protection regimes leave companies mapping and assessing their data collection, use, and retention strategies. Organizations conduct deep-dives to determine whether they can engage in cross-border data transfers. Enforcement actions highlight each jurisdiction’s strategy along with the breadth of potential extraterritorial application. Meanwhile, international laws and regulations are in a constant state of flux even as the U.S. carries on without comprehensive privacy legislation. In August 2020, China passed its first omnibus data protection law, the Personal Information Protection Law (PIPL). One month later, Quebec acted to modernize the protections of personal information with the digital age in mind. At the same time, organizations will have until December 2022 to migrate to the new European Union Standard Contractual Clauses. This panel will discuss the various laws and regulations impacting international data protection and how they impact decisions by American businesses, including cross-border data transfers, in the absence of U.S. federal privacy legislation or meaningful changes to how the U.S. government can access data.