Debevoise Discusses What the GDPR Can Tell Us About State Privacy Laws

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. Recently, a number of U.S. states have introduced privacy laws, which borrow certain GDPR concepts (the “State Privacy Laws”): the Californian Consumer Rights Privacy Act 2020 (the “CPRA”) which amends the California Consumer Privacy Act (the “CCPA”); the Virginia Consumer Data Protection Act; the Colorado Protection of Personal Data Privacy Act (the “CPA”); the Connecticut Public Act Concerning Personal Data Privacy & Online Monitoring; and the Utah Consumer Privacy Act.

Thus far, … Read more