Welcome to Last Week in Privacy! Each week, OneTrust’s in-house privacy experts will give you the top international privacy industry highlights from last week.

  1. In the EU, the European Parliament approved the new Open Data and Public Sector Information Directive, which according to lawmakers is intended to improve the availability and innovative use of public and publicly-funded data, helping to fuel technological development. The Directive will now go to the Council of the EU for approval, and if successful, EU member states would have two years to implement the rules. The Directive would replace the Public Sector Information Directive, which governs the re-use of data generated by public sector bodies for both commercial and non-commercial purposes.
  2. A Bipartisan group of U.S. lawmakers are pushing new legislation to combat unsolicited and masked robocalls to cell phone users, a practice commonly known as “spoofing.” New bills moving through the House and Senate would require major phone carriers to implement new technology to notify consumers of the origin of incoming calls and whether the number has been verified, and to make this service available at no additional cost to consumers. According to industry estimates, over 26 billion robocalls were made to Americans in 2018, with almost a third of those being spoofing calls. The bill has received support from all 50 state attorney generals, and is moving quickly through Senate and House Committees.
  3. Senator Ed Markey of Massachusetts announced that he would be introducing a new bill to protect children when using the Internet. The bill, known as the “Kids Internet Design and Safety” or “KIDS Act,” would require online platforms implement solutions to help keep harmful and adult content away from the view of child users. The bill would also limit the use of targeted advertising toward children, create a more bright line between what is considered content and advertising, including more clear labeling of content, and address the “manipulative design” used by some platforms to keep child users online longer. The bill would also give the Federal Trade Commission enforcement capabilities, including the power to levy fines and other sanctions.
  4. Lawmakers in Singapore are reviewing proposed legislation that would hold website operators accountable for the spread of fake news. Specifically, the bill would require site operators to publish corrections and take down falsehoods, and disable face accounts or bots that spread false information in certain situations. Additionally, the bill would include criminal sanctions for those who help spread false information online with the intent to undermine or prejudice the public interest, including fines of up to $740,000 dollars and 10 years in prison.
  5. The French data protection authority, the CNIL, has adopted a model regulation for biometrics in the workplace, which specifies the obligations of employers who wish to use biometrics for controlling access to physical spaces, information systems, and more. The regulation was adopted in response to France’s national law implementing the GDPR, which provides that biometric devices may be used by employers so long as they comply with a standard regulation drawn up by the CNIL. The regulation was drafted with the help of an extensive public consultation and is binding on French organizations who utilize biometric data in the workplace.

That’s all for today. Thanks again for watching Last Week in Privacy, and I’ll see you next time.