COVID-19 wasn’t the only thing to sweep the globe in 2020 — the year also brought a wave of privacy legislation. Major players, including Brazil, Canada and China, all introduced privacy legislation that closely aligns with the EU General Data Protection Regulation. And in the U.S., California debuted the highly anticipated California Consumer Privacy Act (CCPA) and quickly followed up by approving the California Privacy Rights Act of 2020 (CPRA), which modifies the existing CCPA obligations and introduces new ones. So, what’s in store for 2021?

To better regulate the use of personal data and protect citizens, the European Union adopted the General Data Protection Regulation (GDPR), which came into force on 25 May 2018. In the UK, the GDPR is tailored by the Data Protection Act 2018. Non-EU businesses with offices in Europe, or who hold or process data coming from Europe, also need to be fully appraised of GDPR. The digital revolution has made it easier for companies to collect insights on their markets to better understand their clientele's behavior. But it has also paved the way for potential abuses, creating a climate of suspicion. How can AI earn the public’s trust?

Last week, Didier Reynders, European Commissioner for Justice, and Dr. Andrea Jelinek, Chair of the European Data Protection Board (EDPB), appeared at a hearing conducted by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, and updated committee members on their work since the Schrems II decision. In his remarks, Mr. Reynders identified three main areas on which the Commission is focusing.

Regardless of industry, no company can escape the widespread reach and impact of data.  Whether a company is collecting account information from customers or aggregating platform usage data, handling large amounts of data has become the norm. While this creates boundless new opportunities for businesses in analytics and real-time decisioning, it also introduces new risks that organizations need to consider and prevent where possible.

In the wake of the Court of Justice of the European Union’s Schrems II judgment, on July 23, 2020, the European Data Protection Board (EDPB) adopted a Frequently Asked Questions document to “provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.” The EDPB stated that the document will be updated, and further guidance provided, as it continues to examine and consider the judgment. The six-page FAQs provides the following guidance.

The European Union’s top court ruled that an agreement that allows thousands of companies — from tech giants to small financial firms — to transfer data to the United States is invalid because the American government can snoop on people’s data, according to an AP News report. The ruling could impact how companies transfer European users’ data to the United States and other countries, such as the U.K,  and could require regulators to vet any new data transfers to make sure Europeans’ personal information remains protected according to the EU’s stringent standards, says AP News. 

With the second anniversary of GDPR on the horizon, the topic of data security is as pertinent as ever. Despite the proliferation of connected devices and the personal information and sensitive data they harbor, many consumers are unaware of just how susceptible their pocket-sized computers are to cyberattack.

According to a Linklaters analysis, there has been a major increase of data breach notifications to data protection authorities, with an average increase in notifications of 66 percent compared to Year 1 of the EU General Data Protection Regulation (‘GDPR’).