This year the US data protection framework promises many twists. California has recently voted through the Proposition 24, or California Privacy Right Act, which shall enter into force in 2023 and it is one of first acts in America to be substantially similar to GDPR (the California Consumer Privacy Act had a limited scope). It is also expected that California will set up its data protection authority in around July 2021, while Congress is discussing the possibility of establishing a Federal Data Protection Authority. Finally, Virginia, Oklahoma and Washington have recently introduced privacy-related acts.
However, from an EU standpoint, it has been pointed out that all of those will not assist the current situation for companies after the Schrems II case. The European Parliament wants a revision of all the surveillance laws, including the US Foreign Intelligence Surveillance Act, in order to allow the use of new Standard Contractual Clauses or grant a “privacy shield 2.0”.