Last Week in Privacy - July 10, 2018

Welcome to “Last Week in Privacy!” Each week, OneTrust’s in-house privacy experts will give you the top international privacy industry highlights from last week.

Here’s a quick recap of last week’s top five privacy industry headlines:

  1. The European Parliament passed a non-binding resolution calling for the European Commission to suspend the EU-U.S. Privacy Shield framework if significant improvements are not made by September 1st, citing concerns about the level of monitoring and enforcement of the agreement, as well as the recent adoption of the U.S. CLOUD Act. In response, the U.S. Department of Commerce issued a statement saying that they were “surprised and disappointed” with the vote, and called the information in the resolution “inaccurate and misleading.” The Second Annual Review of Privacy Shield is scheduled for October.
  2. The new European Data Protection Board held its second plenary meeting, where it addressed a variety of issues including the one-stop-shop under the GDPR, cross-border data transfer, and the future of Privacy Shield. On Privacy Shield, the Board met with Ambassador Judith Garber to discuss various concerns that EU officials have raised about the framework.
  3. A new Privacy Code for Australian Government Agencies has gone into effect, requiring agencies to hire privacy officers, produce written policies on the handling of personal information, and conduct and publish privacy impact assessments. The code will also require agencies to regularly assess the adequacy of their privacy practices, procedures and systems, and to provide ongoing privacy training and education to government employees.
  4. Research conducted by the International Association of Privacy Professionals estimates that the new California Consumer Privacy Act of 2018 will apply to more than 500,000 U.S. companies, the vast majority of which are small- to medium-sized enterprises. The Act is scheduled to take effect on Jan. 1, 2020.
  5. A new data protection bill in Brazil has won preliminary approval from national lawmakers and will face analysis by the senate. Seemingly inspired by the GDPR, the proposed bill would create a general legal framework for protecting data about individuals and businesses online, including the formation of a national data protection authority, and requirements for obtaining consent before using certain information for commercial use. Like the GDPR, the proposed bill includes fines of up to 4% of revenue for violations, and has extraterritorial scope, which would mean that any company that merely does business in Brazil may be subject to its requirements.

That’s all for this week. Be sure to join us next week for Last Week in Privacy.

Wanting more from our privacy team? Read Brian Philbrook and Andrew Clearwater’s latest posts in CPO Magazine and in IAPP The Privacy Advisor.