The California Consumer Privacy Act, the GDPR and the Future of US Privacy Law: Time to Worry Yet?

The GDPR brought major changes to the data industry, as stricter rules around notice, consent, contracting and consumer data rights were rolled out across Europe. These new rules were confusing and sometimes burdensome to marketers, online platforms, content and data providers alike. Prevailing trade winds have brought similar privacy laws and proposed bills to the United States – the first of which being the California Consumer Privacy Act, which imposes new obligations of disclosure, data deletion, and data access on a wide variety of online and offline companies. At the same time, Vermont has enacted the Vermont Data Broker Regulation in 2018, which requires “data brokers” to register with the state.

As more states consider passing a patchwork of similar privacy laws, Congress considers preemptive legislation – and self-regulatory groups like the DAA and NAI update their own rules – it is becoming harder for data-dependent companies to set a strategic path for the 12 to 24 months ahead.

Ken Dreifach, a seasoned data privacy attorney, will discuss the actual and potential impact of all of these laws and how marketers and data service vendors can plan ahead. Ken is a partner at ZwillGen, a boutique NYC and DC law firm specializing in privacy law. He has had a long career as in-house and outside counsel for numerous data companies and marketers. Among the positions he has held previously have been General Counsel of LiveRamp and Chief of the New York Attorney General’s Internet Bureau. He is also on the Board of Directors of the Network Advertising Initiative, the principal self-regulatory and trade organization for third party online data platforms.