2 minute read
What changes in Data Privacy can we look forward to in 2020?
Topics: Data Privacy
By Calligo on 9 December 2019
Our Data Privacy Periodic Table initially launched in 2018 to make the world of Data Privacy a little easier to understand.
The first-of-its-kind project pulls together the 118 key “elements” of data privacy and data protection, and was created to help individuals better understand the complex nature of privacy and shed light on its often confusing terminology and how various pieces inter-relate.
Over the last 18 months, the Data Privacy Periodic Table has been regularly updated by our in-house privacy experts, often with input from contributors across the wider privacy community as new laws come into effect and interpretations evolve.
The open project has been shared and downloaded across the globe and its popularity doesn’t appear to be slowing down.
But, the question is, what changes in Data Privacy can we look forward to in 2020?
There are two major ones in January alone…
The California Consumer Protection Act “CCPA” will come into effect on 1st January 2020 and has been designed to give Californians more control over their personal data.
The law applies to all companies – regardless of their location – that serve California residents and exceed $25 million in annual revenue. It also applies to any companies under that threshold that hold personal data of at least 50,000 individuals, or that collect more than half of their revenues from the sale of personal data.
Some argue that the CCPA takes a broader view than the GDPR of what constitutes personal data as it lists more examples, including web histories and educational records. The counter argument is that while these aren’t listed in GDPR, they come within the broad category of information that could be used to identify an individual, so are already accounted for.
Some of the data protections that CCPA introduces for Californian residents include:
For more information on CCPA and how we can help your business, visit here.
Technically, this removes it from the legal framework of the EU, making it no longer automatically deemed a suitable territory for EU data to be processed in or transferred to.
Unless of course, individual businesses make suitable provisions of their own to legitimise their receipt and processing of EU personal data, or the UK is granted “adequacy”.
If the UK leaves the EU with a Deal, then a transitional period begins for approximately two years, which maintains the status quo while the departure is formalised, including preserving for the time being the UK’s suitability for collecting and processing EU data. This also creates a window of time within which the UK can negotiate its “adequacy”.
However, in a No Deal scenario, the UK will lose this grace period and instantly becomes an inappropriate territory for EU personal data, which will place an immediate burden on every business in the UK collecting and processing EU data to prove they have put in place the full raft of GDPR provisions, including an EU Representative and Standard Contractual Clauses with all data partners.
Find out more about the various potential impacts of Brexit in our flowcart here.
These are just two examples in the very first month of the year of new ways in which Data Privacy will shape and affect businesses in 2020. And with plenty more legislation in draft, and multiple discussions ongoing over data privacy and ethics, especially in the field of AI and innovative technologies, more will surely follow.
Download your copy of the latest version of the Data Privacy Periodic Table by clicking below.