As 2021 comes to a close, it is a great time to take stock of the present state of affairs with respect to U.S. privacy laws. With the relatively recent passage of comprehensive privacy laws in California, and additional countries adopting laws that closely follow the principles of the EU’s General Data Protection Regulation (GDPR), along with increasing public concerns regarding how companies manage customers’ personal data, legal practitioners entered 2021 with high hopes that comprehensive federal privacy legislation may finally be on the horizon. Nevertheless, in a trend that is likely to continue in the year ahead, it was the states rather than federal legislatures that successfully added to the ranks of privacy laws with which businesses will soon need to comply.
Continue Reading Momentum Builds for State Privacy Laws but the Possibility of a Federal Law Remains Remote
On July 8, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (the “Colorado Law”), a comprehensive privacy law that will take effect on July 1, 2023, into law. Colorado is the third U.S. state to pass a comprehensive privacy law, following California (the CCPA, as modified by the CPRA) and Virginia (the CDPA).