Data Privacy in 2021: 10 Moments That Shaped the Year
Each year OneTrust DataGuidance compiles a report of the ten most significant moments in privacy from the past 12 months. 2021 has been a year like no other with plenty of major developments taking place across Europe, the US, Asia, the Middle East, and Africa. As privacy professionals, there may be some regulatory updates that still need to be made sense of, but it is important to pause and reflect on how drastically the privacy landscape has changed in just 12 months.
Privacy Developments in 2021
This year, the LGPD’s enforcement provisions entered into effect following the commencement of the LGDP’s other articles in September 2020. Asia-Pacific saw several privacy developments in India, Pakistan, Sri Lanka, and Thailand, although the passing and entry into effect of the Data Security Law (DSL) and the Personal Information Protection Law (PIPL) in China were some of this year's biggest talking points from the region.
In the Middle East, the ADGM's Data Protection Regulations 2021 were released along with a comprehensive eight-part suite of guidance materials, and Saudi Arabia’s Personal Data Protection Law (PDPL) was published. Across Africa, there were new data protection laws being enacted, notably in Rwanda and Zimbabwe. And the final provisions of South Africa's POPIA entered into force eight years after the law’s initial promulgation.
In Canada, Quebec’s Bill 64 received Royal ascent and was signed into law overhauling the existing privacy framework in the region. In the US, several comprehensive state privacy bills were tabled with several significant states seeing their proposals die on the house calendars. However, the Governor of Virginia did sign the Consumer Data Protection Act into law in March and Colorado followed suit a few months later making the Colorado Privacy Act the latest state privacy bill signed into law. While state legislators were busy this year, talks continued over a federal privacy bill with many new proposals being tabled.
And if all that wasn’t enough, Europe has seen most of the action again this year. The deadline for Member State implementation of the EU Whistleblower Directive passed on December 17, with many Member States still making their way through legislative processes. On cookies, 2021 saw many EU Member States issue comprehensive guidance including the CNIL’s final guidelines which entered into force in March, whilst the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG) entered into force in Germany.
The UK Government also initiated post-Brexit reforms by proposing wide-reaching changes to the data protection regime in the country. However, the biggest headline of this year (and last year's) was the continuing fallout from the Schrems II decision. Many of us had waited with bated breath for the European Commission to issue their modernized SCCs and for the EDPB to adopt their final guidelines on the appropriate supplementary measures for international data transfers which they both did in June. Both developments brought new administrative challenges
Further resources:
- OneTrust DataGuidance Infographic: Data Privacy in 2021: 10 Moments That Shaped the Year
- Keep up to Date: OneTrust DataGuidance Free Trial
- OneTrust DataGuidance Blog: Keeping up to Date With Global Privacy Updates