ATP Monitors Privacy Laws


ATPSC International Privacy Subcommittee Provides Bulletins to Members



ATP continues to follow the progression of privacy initiatives, from the European Union’s General Data Protection Regulation (GDPR) which went into effect in May 2018, to new initiatives cropping up in state legislatures across the U.S.  “The need for federal law in the U.S. that would preempt state laws is becoming increasingly important as the landscape of state laws is getting more varied,” ATP General Counsel Alan Thiemann reported.

Thiemann, pointed to the California Consumer Privacy Act (CCPA), which goes into effect in 2020 (but is still being amended), and a recent new law in New York, the Stop Hacks and Improve Electronic Data Security Handling (SHIELD) Act, where the privacy provisions go into effect in October 23, 2019 and the data security provisions go into effect next March 21, 2020. More than a dozen other states considered bills in 2019, which will continue in 2020.  And for companies that don’t comply with these initiatives, Thiemann warned, there can be hefty consequences, such as the $125 million fine recently imposed on Marriott by the UK for violating the GDPR.

To assist ATP members in navigating the legalities inherent in these new laws, the ATP International Privacy Subcommittee, headed by Co-Chairs Gary Behrens of Fifth Theory and John Kleeman of Questionmark, is releasing a series of "Privacy in Practice" Bulletins that will provide practical information, outline principles, and provide guidance that test publishers should use to comply with the General Data Protection Regulation (GDPR) mandate in the European Union (EU), and current and/or upcoming privacy laws in the U.S. and elsewhere around the world.

“For testing companies whose market is truly global, it is important they understand the legal and practical scope of how to achieve compliance across the breadth of jurisdictional laws. Our intent is to help test providers and their customers, as well as assessment service providers, understand the responsibilities under these various national and international laws, with clear and easy-to-understand information,” noted the Subcommittee in its first Bulletin, adding that the Bulletins can be shared with customers.

Thiemann recommended that test providers and test users should consult with legal counsel as to their responsibilities for legal and regulatory compliance requirements in specific situations – but he said, "the Bulletins should be helpful in providing overarching guidance in the increasingly complicated privacy landscape."

[Editor's note: The Bulletins are accessible to ATP members by logging into the ATP website at and choosing Legal/Legislative Updates from the Members Only drop down menu]