The California Privacy Protection Agency announced this month that it, along with six other states, will be forming a new group called the “Consortium of Privacy Regulators.” (The other states are Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon.) Members include the Attorneys General from these states, as well as California’s privacy regulator (the CPPA).
While these states may have slightly different privacy laws (see our U.S. State Comprehensive Privacy Law tracker for an overview), the group in its announcement reminded readers that there are many to ways in which the laws are similar. These include giving consumers rights -like access and deletion. Through the consortium, members intend to share resources and coordinate enforcement. They also announced their plan to use the consortium to promote a consistent interpretation of laws across jurisdictions. The CPPA press release indicated a goal is to minimize harm from data misuse, particularly health, geolocation and children’s data.
Putting it Into Practice: We anticipate that there may be cross-state action for violations of state “comprehensive” privacy laws, which could result in larger penalties. Companies may want to review their current practices, especially in areas that have been identified as issues of focus.