August And September Data Privacy Law Updates


data privacy law


As the year moves towards its close, many data privacy laws have come into effect, with even more introduced for approval.  

In this blog we will summarize the latest data privacy law updates in the U.S. as well as the rest of the world. 


United States 


  • Illinois passed the Protecting Household Privacy Act, which regulates the access and use of home electronic data by law enforcement. 

  • Ohio introduced the Ohio Personal Privacy Act, which applies to organizations doing business in Ohio or who target residents of the state. 

  • The Virginia Consumer Data Protection Act was passed. 

  • The Colorado Privacy Act was passed by Colorado General Assembly. 

  • The Oklahoma Computer Data Privacy Act of 2022 or House Bill 2968 (HB 2968) was introduced to the Oklahoma Senate. 

  • California introduced two new health information protection laws to the governor, namely the Assembly Bill 1436 (AB 1436) and Senate Bill 41 (SB 41). 


According to iapp, the following privacy bills were introduced to the House of Representatives, Senate or both: 

  • H.R.651: Public Health Emergency Privacy Act  

  • S.81: Public Health Emergency Privacy Act  

  • H.R.778: Secure Data and Privacy for Contact Tracing Act of 2021  

  • S.199: Secure Data and Privacy for Contact Tracing Act of 2021  

  • H.R.847: Promoting Digital Privacy Technologies Act  

  • S.224: Promoting Digital Privacy Technologies Act  

  • H.R.2039: Protecting Investors’ Personally Identifiable Information Act  

  • S.1209: Protecting Investors’ Personally Identifiable Information Act  

  • H.R.474: Protecting Consumer Information Act of 2021  

  • H.R.1781: PROTECT Kids Act  

  • H.R.1816: Information Transparency & Personal Data Control Act  

  • H.R.1871: Transportation Security Transparency Improvement Act  

  • H.R.2980: Cybersecurity Vulnerability Remediation Act  

  • S.24: Protecting Personal Health Data Act  

  • S.47: APP Act  

  • S.113: BROWSER Act of 2021  

  • S.919: Data Care Act of 2021  

  • S.1494: Consumer Data Privacy and Security Act of 2021  

  • S.1628: Children and Teens’ Online Privacy Protection Act  

  • S.1667: Social Media Privacy Protection and Consumer Rights Act of 2021  

  • S.2052: Facial Recognition and Biometric Technology Moratorium Act of 2021  

  • S.2134: Data Protection Act of 2021  

  • S.2499: Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act  




  • Quebec adopted Bill 64 to update and modernize its framework on personal data protection. 

  • The Personal Health Information Protection Act (PHIPA) was introduced by lawmakers in Ontario. 


Rest Of The World 


  • China passed the Personal Information Protection Law (PIPL) which will take effect on 1 November 2021. 

  • Uruguay announced updates to its international data transfer regime. 

  • The European Commission introduced the Cyber Resilience Act which aims to set common cybersecurity standards for connected devices. 

  • Saudi Arabia passed the Personal Data Protection Law, which will take effect on 13 March 2022. 

  • Lawmakers in Mongolia introduced a draft of a Protection of Personal Information law, which if approved, will come into effect on 1 November 2021. 

  • Sri Lanka has published a draft of a new personal data protection bill. 

  • Zimbabwe’s parliament passed a controversial cybersecurity bill giving the Postal and Telecommunications Regulatory Authority of Zimbabwe power to regulate and control data. 

  • Japan's Personal Information Protection Commission published amendment guidelines to the Act on the Protection of Personal Information (APPI). 

  • Now that it is no longer part of the EU and subject to the GDPR, the UK government released a consultation document on data protections for public comment until 19 November 2021. 

  • The UK Children's Code came into effect on 2 September 2021 and applies to companies that offer online services in the U.K. and handle children's personal data. 

  • The United Arab Emirates announced the introduction of a new federal Data Protection Law. 


Take the first step towards organizational compliance by introducing sensitive data discovery and data masking to your security framework. Hush-Hush data privacy tools were designed in line with the requirements of data privacy laws such as the GDPR, HIPAA and GLBA and exemplify the philosophy of Privacy By Design. 


Start your free trial today.   

  free demo

BuildNumber = dev_20210906.1