A bipartisan group of New York state lawmakers recently introduced privacy legislation that would impose new obligations on businesses related to biometric identifiers and biometric information. The Biometric Privacy Act (“New York BIPA”), introduced on January 6, would limit how companies can collect or disclose biometric identifiers and biometric information, notice and consent to persons whose data is collected, security measures for the storage of such data, and private rights of action. Employers would not be exempted from these requirements, and businesses would only have 90 days to bring themselves into compliance if the proposed law passes. If the law does take effect, New York would be the fourth state to pass such legislation, joining the ranks of Illinois, Texas, and Washington. While the law still is a long way from passing – in fact, this is the fourth biometric privacy bill introduced by New York lawmakers since 2018, with all prior bills having failed – the risks for employers who are non-compliant with the law would be high. For this reason, we recommend all companies doing business in New York pay attention to this proposal and familiarize yourself with this legislation. Here is what you need to know about this potential New York law.
As a result of the United Kingdom and the European Union reaching agreement on the terms of the EU-U.K. Trade and Cooperation Agreement on December 24, 2020, the U.K. and EU have agreed to continue allowing data transfers between the two for an up-to-six-month transition period. During this time, the European Commission will complete an adequacy assessment of the U.K.’s data protection laws. The adequacy assessment is a process by which the EU certifies that a country, or sector within a country, meets EU standards for data protection.