The day’s top stories from around the world

Where the real conversations in privacy happen

Original reporting and feature articles on the latest privacy developments

Alerts and legal analysis of legislative trends

Exploring the technology of privacy

A roundup of the top Canadian privacy news

A roundup of the top European data protection news

A roundup of the top privacy news from the Asia-Pacific region

A roundup of the top privacy news from Latin America

A roundup of US privacy news

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Connect with IAPP members around the globe without ever leaving your home. Find a Virtual Networking event today.

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Locate and network with fellow privacy professionals using this peer-to-peer directory.

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

Develop the skills to design, build and operate a comprehensive data protection program.

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

Gain the knowledge needed to address the widest-reaching consumer information privacy law in the U.S.

Learn the legal, operational and compliance requirements of the EU regulation and its global influence.

Meet the stringent requirements to earn this American Bar Association-certified designation.

The global standard for the go-to person for privacy laws, regulations and frameworks

The first and only privacy certification for professionals who manage day-to-day operations

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for GDPR readiness. Learn more today.

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.

Use the Vendor Demo Center, Privacy Vendor List and Privacy Tech Vendor Report to easily identify privacy products and services to support your work.

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to international data transfers.

The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.

This tracker organizes the privacy-related bills proposed in Congress to keep our members informed of developments within the federal privacy landscape.

Access all reports and surveys published by the IAPP.

Access all white papers published by the IAPP.

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.

This chart maps several comprehensive data protection laws to assist our members in understanding how data protection is being approached around the world.

This interactive tool provides IAPP members access to critical GDPR resources — all in one location.

See top experts discuss the critical privacy issues and regulations impacting businesses across Asia.

Join DACH-region data protection professionals for practical discussions of issues and solutions. Presented in German and English.

P.S.R. 2022 is the place for speakers, workshops and networking focused on the intersection of privacy and technology.

Europe’s top experts predict the evolving landscape and give insights into best practices for your privacy programme.

Gain exclusive insights about the ever-changing data privacy landscape in ANZ and beyond.

The world’s top privacy conference. Whether you work in the public or private sector, anywhere in the world, the Summit is your can't-miss event.

Join data protection professionals from across the Netherlands and Europe for concentrated learning, sharing and networking.

View our open calls and submission instructions.

Increase visibility for your organization — check out sponsorship opportunities today.

Review upcoming IAPP conferences to see which need to be included in your schedule for the year ahead.

Start taking advantage of the many IAPP member benefits today

See our list of high-profile corporate members—and find out why you should become one, too

Don’t miss out for a minute—continue accessing your benefits

Review current member benefits available to Australia and New Zealand members

Despite facing a time crunch, a flood of stakeholder feedback and unforeseen Congressional opposition, the proposed American Data Privacy and Protection Act keeps on chugging.

The bill's next act will come on the U.S. House floor after the House Committee on Energy and Commerce markup July 20 resulted in a 53-2 vote to advance the bill to full House consideration. The vote to advance marks the first time a comprehensive privacy bill will be made available for a full chamber vote in either the House or the Senate.

"We have finally come up with a landmark compromise, the key word being compromise," Committee on Energy and Commerce Subcommittee on Consumer Protection and Commerce Chair Rep. Jan Schakowsky, D-Ill., said. "It's been a lot of work bringing these stakeholders together. I know almost everyone can probably find something that they wished were different in the bill. On the other hand, I do think we have a band-aid for the American people who are just fed up with the lack of privacy online."

The majority of the updates included in the amended bill passed out of committee came via an amendment in the nature of a substitute submitted by Energy & Commerce Committee Chair Rep. Frank Pallone, D-N.J. Important changes made by the AINS included changing the private right of action's effective date from four years to two years post-adoption, expanding categories of sensitive information, enforcement tweaks related to the authority of the U.S. Federal Trade Commission and the California Privacy Protection Agency, updated language on the "actual knowledge" standards around minors' data, and technical changes to the definitions for "covered entity" and "service provider."

"There's been a lot of work done to get to this place," Committee on Energy and Commerce Ranking Member Rep. Cathy McMorris Rodgers, R-Wash., said. "There's been a lot of ... [c]onstructive feedback necessary to move a bill like his through committee. … I support the AINS as it reflects a bipartisan agreement to continue to improve this solution as it goes through the legislative process."

While other amendments were accepted during the markup, an attempt to exempt the California Consumer Privacy Act and the California Privacy Rights Act from the bill's preemption provisions was not taken up following a 48-8 roll call vote. There was foreshadowing for this amendment, raised by Rep. Anna Eshoo, D-Calif., a week before the markup when reported concerns from Californian members of the House surfaced over how California's privacy law is perceived to be stronger than the current federal proposal.

The argument was framed differently by Eshoo when she brought the amendment to the committee, calling for a "federal floor" for all states to build off and not a specific carveout for California.

"It allows all states, not just California, to provide additional rights in addition to those established under federal law," Eshoo said. "The ADPPA provides strong privacy protections, particularly in regards to civil rights and child safety. … This amendment would not affect those rights and protections, it would simply let states strengthen them."

Eshoo also spoke to the need for "flexibility to respond to changes in technology and expand rights where necessary" while noting Congress "has not demonstrated" the ability to do so in a timely manner. Meanwhile, Rep. Doris Matsui, D-Calif., took a more blunt approach to her dissatisfaction with preempting California while also noting support for for dialed back preemption from Gov. Gavin Newsom, D-Calif., Speaker of the State Assembly Anthony Rendon, D-Calif., and the California Privacy Protection Agency.

"Since the start of these discussions one thing has been clear: The California delegation is committed to protecting our state's progress and its ability to lead," Matsui said. "I believe the ability to continue to raise the bar on privacy is vital for California and the nation. Unfortunately as drafted, this bill does not preserve that ability. By foreclosing California's ability to act, I believe we are doing my state and the country a profound disservice. … California must remain a voice for consumers everywhere."

The supporting remarks were met with bipartisan backlash, as most committee members viewed Eshoo's amendment as effectively unraveling the fragile compromise Congress had worked toward over recent months and years. Rep. Billy Long, R-Mo., posed the question, "why are we even here or why are we doing this if we're going to preserve California?" Committee Chair Pallone was equally sour on risking the fate of the bill over California's perceived strength while opining that "no state has a law as strong" as the current federal proposal.

"It's no secret that preemption of state laws has long been a key sticking point when you're trying to deal with compromise," Pallone said. "There are areas, not too many in my opinion, where the California law is stronger and we have made an exception. But basically this amendment would reject all the efforts to come to a compromise by replacing carefully crafted preemption provisions, mindful of some of the states, with a provision that will not set a true federal standard." 

The committee risks losing supporters if the the exclusion of California laws from preemption is not added or sorted by the time a floor vote arrives, according to Matsui, who voted yes to advance the bill out of committee "for more discussion because we aren't there yet." The six committee members from California supported Eshoo's amendment, but comments from some of those members during the markup put into question whether all six would turn their backs on the proposal and encourage others to join during a House floor vote.

"This is a bill that's long overdue and badly needed," Rep. Jerry McNerney, D-Calif., said. "If we don't pass it now then I don't think we're going to have a chance to pass this for a good long time again. I urge the committee to pass this."

The back-and-forth around preemption was the only contentious stretch during the session. Issues raised during the previous subcommittee markup, including children's privacy enhancements and further PRA refinement, were presumably resolved since there was no mention in the latest markup.

Seven bipartisan amendments were adopted without objection, including provisions for authorizing the FTC to regulate security requirements with U.S. National Institute of Standards and Technology consultation, an exemption for data sharing in the context of health research, and an exemption to the data privacy officer requirement for small and medium-sized businesses with fewer than 15 employees. Three partisan amendments besides Eshoo's were offered and immediately withdrawn to avoid hamstringing the committee vote on the full bill while ensuring post-committee discussions would be had.

Committee members' comments throughout the session depicted a genuinely content and united stance regarding the bill's current standing and how far bipartisanship has gotten them.

Committee on Energy and Commerce Subcommittee on Consumer Protection and Commerce Ranking Member Rep. Gus Bilirakis, R-Fla., touted the fact that "all the members have had an opportunity to give their input" and each of those contributions have "made the bill better." Rep. Debbie Dingell, D-Mich., echoed sentiments from Schakowsky in a prior hearing about how Congress "will not let perfect get in the way of the good" with federal privacy legislation and "the absence of action is not an option."

It's unclear when the bill will have its number called on the House floor. In addition to ongoing negotiations regarding preemption and other raised issues that need to be ironed out before a vote, time is short with an August recess and a focus shift to midterm elections looming. What is clear is that House leaders and those lawmakers dedicating time to the proposal do not want to see the clock run out.

"Today’s markup is another milestone towards our ultimate goal of enacting meaningful national privacy legislation," Pallone said. "This legislation is our best hope at protecting Americans privacy and data security, while also providing certainty to American businesses."

This white paper examines the progress made in Congress toward bipartisan agreement on privacy rights over the current legislative session, analyzing the 18 bipartisan federal privacy bills introduced in the 117th Congress.

This tracker organizes the privacy-related bills proposed in Congress to keep our members informed of developments within the federal privacy landscape.

If you want to comment on this post, you need to login.

This white paper examines the progress made in Congress toward bipartisan agreement on privacy rights over the current legislative session, analyzing the 18 bipartisan federal privacy bills introduced in the 117th Congress.

This tracker organizes the privacy-related bills proposed in Congress to keep our members informed of developments within the federal privacy landscape.

The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, promote and improve the privacy profession globally.

The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.

© 2022 International Association of Privacy Professionals. All rights reserved.

Pease International Tradeport, 75 Rochester Ave. Portsmouth, NH 03801 USA • +1 603.427.9200