Lexology November 18, 2021
While the United States has typically taken a more hands off approach to data privacy than other countries such as those in the EEA, that is beginning to change. Historically, US privacy regulators and legislators have taken a sectoral approach, regulating specific types of data, particularly sensitive data, such as health data and financial data. Three states, however, have now passed comprehensive privacy regimes similar to GDPR. They are California, Virginia, and Colorado. It is fully expected that other states will follow.
California Privacy Rights Act
California, as usual, led the charge on passing a GDPR-style, comprehensive privacy law when it passed the California Consumer Privacy Act (CCPA) in 2018. CCPA has been in force since 1 January 2020.
Late...