Welcome to “Last Week in Privacy!” Each week, OneTrust’s in-house privacy experts will give you the top international privacy industry highlights from last week.


Here’s a quick recap of last week’s top privacy industry headlines:

  1. The European Commission has launched the process for officially adopting its adequacy decision on Japan, following EU-Japan talks on data protection and reciprocal adequacy in July. Japan has also started their process for recognizing the adequacy of the EU, as well. According to Commissioner Vera Jourova, the adequacy agreement between the EU and Japan will create the world’s largest area of safe data flows, will promote global standards and set an example in the area of data protection and cross border data transfers.
  2. The U.S. Department of Commerce’s National Institute of Standards and Technology has announced that it is developing a voluntary privacy framework to serve as a tool for organizations to better identify, assess, manage and communicate about privacy risks. According to NIST, creating the framework will be a collaborative effort, and will be modeled based on the success of their popular Cybersecurity Framework. NIST will be hosting a series of public workshops to facilitate this collaborative effort, with the first taking place on October 16th in Austin, Texas.
  3. Apple has announced that soon they will be requiring all apps and updates on their App Store to include a link to the developers’ privacy notice. Previously, this rule only applied to subscription-based apps—but now, the rule will apply across the board. This means that developers of any type of app will have to inform users of the data they collect, how it will be used, who it will be shared with and more.
  4. The California Legislature recently passed amendments to the California Consumer Privacy Act of 2018. The bill includes an amendment extending the deadline for the California Attorney General to draft and adopt implementing regulations to July 1, 2020, six months after the CCPA comes into effect. To account for this extension, the bill also delays the AG’s ability to bring enforcement actions under the CCPA until six months after publishing those regulations, or July 1, 2020, whichever comes first. The bill also includes amendments that clarify the definition of personal information, as well as when a consumer’s private action applies, and it removes the procedural requirement for consumers to notify the Attorney General if and when they do bring an action against a business

That’s all for this week, be sure to join us next week for Last Week in Privacy.

Wanting more from our privacy team? Read Brian Philbrook and Andrew Clearwater’s latest posts in CPO Magazine and in IAPP The Privacy Advisor.