TerraTrueTerraTrue's privacy by design platform helps teams comply with global privacy regulations, identify risks, and trigger privacy and security reviews.

Get Started

October 4, 2022

Issue 8: Colorado draft regs are thick, y’all

Oh hey! Welcome to The Privacy Beat Newsletter!

Here’s the gist: Come here for insights on the hottest topics in privacy according to our peers’ tweets so you can walk into any happy hour or team meeting and sound like the absolute baller you are. No current topic gets by you. Did you post a hot take you want included? Tag it #PrivacyBeatNews and see if it makes it into the next edition!

Peeps,

This newsletter is admittedly coming to you two days late. I was with sickness last week, and I'm climbing out from the tomb. It's necessary, because it's time to saddle up for IAPP's P.S.R. in Austin next week. Will you be there? Let me know so we can meet up? I’m taking the podcast on the road, and I’ll be looking for some very clever subjects to be on-the-spot guests. Find me, and let's record for a few minutes.

But let's move beyond the pleasantries, here are the highlights from this week on Privacy Twitter.

Colorado draft regs are thick, y'all

Just as quickly as states can pass their own privacy laws, we want those regs! In accordance with our demands, on Sept. 30, Colorado Attorney General Phil Weiser dropped his initial Colorado Privacy Act draft regulations. Initial reactions? They’re thick, friends. Thicc. But if we’re thinking positively, the length provides for detailed rules of the road. And that’s a good thing, right?

For a detailed analysis, check out Husch Blackwell’s David Stauss’ thorough blog on this. But here’s a little cheat sheet. Found here, the draft regs:

  • Define “biometric data,” “bona fide loyalty program benefit,” and “data broker,” among other terms the Colorado Privacy Act regulates but had not defined.
  • Spell out acceptable universal opt-out mechanisms – including a “do not sell list” vs. a global opt-out signal.
  • Distinguish between profiling based on the type; those defined are solely automated processing, human reviewed automating profiling, and human involved automated processing.

I don’t know, it all sounds a little heavy to me, but, that’s why you’re the ones who operationalize this stuff, and I’m the one who writes about you doing it. Let’s never change.

Anyway, next steps: the Colorado Attorney General will hold a public hearing on the draft regulations on Feb. 1, 2023. The public can submit comments until then.

UK to the GDPR: For the last time, we're OV

The U.K.’s bumpy ride to data protection reform continues. As TechCrunch reports, Prime Minister Liz Truss’ cabinet says it's hitting pause on its most recent draft legislation. You’ll recall that the U.K. plans to diverge from the GDPR and create rules it says would be more business-friendly.

As seen in the tweet above, Michelle Donelan, secretary of state for digital, said the new approach will unshackle businesses from unnecessary red tape.

That comment incited some pretty solid takes.

Hannah Poteat on Donelan's quote, "Today, conference, I am announcing that we will be replacing GDPR with our own business and consumer-friendly data protection system." I found this little exchange fun.

Privacy Shield: The Next Iteration

If I could go back and talk to 2015 Angelique, I would have told that sweaty journalist to relax: That story on Safe Harbor’s demise can wait, ‘cuz in 2022 we’re still going to be sorting this mess.

Politico reports the White House will publish “Privacy Shield: The Next Iteration” (my term not theirs) this week. There is a draft, allegedly. It’s almost certain the new draft will face significant challenges over age-old EU concerns about U.S. law enforcement agencies’ surveillance policies and their impact on EU citizens’ data. But the new deal aims to create guardrails around what’s “necessary and proportionate” for the agencies to scoop up.

That's the big news of late. Apropos nothing, if you haven't checked out the new podcast, would ya? Every two weeks, The Privacy Beat features in-depth interviews on privacy hottest, sexiest news. I'd love to hear what you think of the show and who you want to hear from on future episodes. See you in Austin!

Love,

Angelique

Recent episodes of The Privacy Beat Podcast:

Um, California passed a children’s privacy law?

While most of us were distracted by talks of a federal privacy bill, California’s Senate passed its Age-Appropriate Design Code. It awaits Gov. Gavin Newsom’s signature, and then it’s law. Santa Clara Law School’s Eric Goldman hates this bill a whole lot, and he wants to tell you why.

Listen here

California’s new children’s law could dismantle the status quo: Is that bad?

Last week, Eric Goldman visited the podcast to rip California’s Age-Appropriate Design Code to shreds. Some of you did not like that. On today’s episode, Stanford University’s Dr. Jen King has a different take, “We’ve had nearly thirty years of design masquerading as being values-agnostic driving the development of the internet. Do we really want to defend this status quo?”

Listen here

Who’s gonna own the data in the end?

Reporting on a specific industry gives journalists unique views on the inside baseball and its players. In this free-ranging conversation, host Angelique Carson talks to longtime privacy journalist Mike Swift about the ADPPA, the Biden administration’s aims on consumer privacy in the U.S., and who’s gonna own the data in the end: the companies or the consumers?

Next up on The Privacy Beat Podcast

Oct. 6, 2022 episode: Prof. David Carroll, featured in the Netflix Documentary, “The Great Hack,” is here at The Privacy Beat Podcast to discuss his crusade for data protection rights in the U.S. and suing Camrbidge Analytica in the wake of the 2016 presidential election. Don’t miss!

Twitter Hot Take of the Week goes to:

Loading GTM...