Welcome to “Last Week in Privacy!” Each week, OneTrust’s in-house privacy experts will give you the top international privacy industry highlights from last week.


Here’s a quick recap of last week’s top privacy industry headlines:

  1. The latest in draft U.S. privacy legislation has come from the private sector. Intel has released a draft bill for a comprehensive U.S. federal privacy law. According to Intel, the draft uses the Fair Information Practice Principles but “rethinks” how they relate and work in concert with each other to allow for data use while protecting individuals. The draft also calls for allocating greater resources, oversight and enforcement authority to the FTC and State Attorneys General and, similar to the recent bill drafted by Senator Wyden, includes potential criminal penalties of up to 1 million in fines or up to 10 years imprisonment for corporate executives who intentionally mislead the FTC. In addition to the draft, Intel has also created an online portal where expert discussion and public dialogue about the draft can take place.
  2. San Francisco voters approved a ballot measure requiring companies to secure personal information and disclose data collection practices in order to win government contracts. The measure covers information collected on residents and visitors by any entity that has contracts, leases, or permits with the city of San Francisco. The measure would require companies to abide by 11 principles, including securing data against unauthorized or unlawful disclosure, and having publicly available policies on how to access and rectify personal information.
  3. France’s national data protection authority, the CNIL, published guidance on responsible use of blockchain in the context of personal data and the GDPR. The guidance begins by describing blockchain technology and its characteristics, and how it interacts with the GDPR. The CNIL then goes on to quickly describe it as a tool for accountability and security while acknowledging the challenges of complying with data subject rights such as the right to erasure, and the importance of evaluating its necessity and suitability on a case-by-case basis. Ultimately, the CNIL did not close the book on blockchain in the context of its compatibility with GDPR, but instead called for additional discussion and research into blockchain as a tool that could support data protection in many areas.
  4. Bulgaria’s National Assembly has adopted a new Cyber Security Act, which regulates the management and organization of the National Cyber Security System, the national cyber security coordinator, response teams within different sectors, as well as a national response team, for cyber security incidents. According to Bulgarian lawmakers, the law aims to secure online stores, search engines and cloud services against cyber attacks in order to protect those sectors identified as potential targets, such as energy, transportation, banking, and others.
  5. A recent survey conducted by Harris Poll and Finn Partners revealed that Americans want more focus on data privacy issues. According to the poll of over 2,000 U.S. citizens, 65% of respondents said that data privacy was the number one social issue that they wanted American companies to address more. The research also produced an index scoring and ranking the U.S.’s most visible companies according to public perception of how they contributed to a variety of social issues.

That’s all for this week. Be sure to join us next week for Last Week in Privacy.

Wanting more from our privacy team? Read Brian Philbrook and Andrew Clearwater’s latest posts in CPO Magazine and in IAPP The Privacy Advisor.