Licks Attorneys' Government Affairs & International Relations Blog

Doing Business in Brazil: Political and economic landscape

Licks Attorneys' COMPLIANCE Blog

And how about the privacy and protection of personal data in the United States of America?

No items found.

In this unique year of 2020, the significant milestone in the area of privacy and protection of personal data in the United States of America (USA) remains undoubtedly the CCPA - California Consumer Privacy Act, which started to protect the citizens of the State of California against commercial use of their personal data without their consent. But does privacy and protection of personal data in the US come down to the CCPA only?

Of course not! In fact, the form of federalist state adopted by the USA, with autonomy granted to each of the states, made the issue quite complicated. While Articles 21 to 24 of the Brazilian Federal Constitution of 1988 established the powers of entities, exclusive or concurrent, state autonomy is considerably greater in the USA. This complexity is illustrated in the map below, prepared by the International Association of Privacy Professionals (IAPP), which gives an updated impression of how the issue of privacy and protection of personal data is currently being addressed across the different US states:

According to this map, there are different privacy and data protection laws in California, Nevada, and Maine.

There are bills under discussion in Washington, Arizona, New Mexico, North Dakota, Nebraska, Texas, Louisiana, Iowa, Minnesota, Wisconsin, Illinois, Mississippi, Florida, South Carolina, Virginia, Maryland, New Jersey, New York, Connecticut, Massachusetts, and New Hampshire. Another state that also had a bill on the subject was Pennsylvania, but it has been discontinued, with no progress.

Therefore, half of the 50 American states are already addressing the issue of the privacy and protection of personal data.

In another interesting initiative, IAPP and the Westin Research Center prepared the table below, which provides a comparative view of the clauses in the wide variety of bills in process, considering the right of the data subject and the obligations of business:

Rights of the Data Subject Business Obligations
1. Right of Access 9. Option after a certain age (Opt-In) or Prohibition on Sale of Information
2. Right of Rectification 10. Notification / Transparency Requirement
3. Right of Elimination 11. Notification in the event of a data breach
4. Right of Restriction 12. Risk Assessments
5. Right of Portability 13. Prohibition of Discrimination in the Exercise of Rights of Subjects
6. Right to Not Accept (Opt-Out) 14. Purpose Limitation
7. Right of No Automated Decisions 15. Limitation of Treatment
8. Private Right of Action 16. Fiduciary obligation

However, it is essential to note that Americans have approached privacy and the protection of personal data with a focus on consumer relations.

In a future article, we will discuss privacy laws in Nevada and Maine, as we have already done so with respect to the CCPA in the state of California.

For those who wish to go deeper into the topic, we even recommend affiliating with IAPP, in order to have access to training and receive routine updates on the evolution of this issue.

No items found.