Welcome to “Last Week in Privacy!” Each week, OneTrust’s in-house privacy experts will give you the top international privacy industry highlights from last week.

  1. In California, new legislation has been proposed to amend the California Consumer Privacy Act. The proposed amendments were introduced by California Attorney General Xavier Becerra and Senator Hannah-Beth Jackson and, if successful, would remove requirements for the Office of the Attorney General to provide opinions on CCPA compliance to businesses and private parties at the expense of taxpayers. The amendments would also expand the private right of action to apply to any violation of the Act, rather than just in cases of personal data breaches, and would remove language that gives businesses 30 days to cure alleged violations.
  2. Massachusetts has enacted a new law on credit data security. Among other things, the legislation will require third parties to obtain consent prior to obtaining a consumer’s credit report, and requires credit reporting agencies to allow consumers to place and lift security freezes on their credit reports at no cost. The law also increases breach notification requirements for holders of consumer data and requires free credit monitoring to be offered to affected consumers in certain circumstances.
  3. In Washington State, the Washington Privacy Act has taken another step toward being passed as it entered committee for public hearing for the second time. The bill has received extensive support from both lawmakers and the private sector, including support from Microsoft General Counsel and former FTC Commissioner Julie Brill. Some concerns that were expressed during the hearing included issues with the bill’s level of clarity around federal law exemptions, as well as with how enforcement will take place without a designated privacy regulator in the bill. The Senate bill and its companion bill in the House are scheduled to continue moving through the committee process before heading to the House and Senate floors.
  4. The U.S. Federal Trade Commission announced its largest settlement ever in a COPPA case. The FTC reached a 5.7 million dollar agreement with video social networking app Musical.ly (now known as TikTok) to settle alleged violations of the Children’s Online Privacy Protection Act. According to the FTC, the operators of the app had actual knowledge that children under the age of 13 were using the app but failed to seek parental consent prior to collecting their personal information. In addition to the monetary payment, the settlement also requires the app’s operators to comply with COPPA moving forward and to remove any videos made by children under the age of 13.
  5. Thailand has officially passed its own Personal Data Protection Act, which, like many other new privacy laws around the world, is in many ways modeled after the European GDPR. In addition, Thailand’s military-appointed parliament also passed a controversial new cybersecurity law that gives broad new powers to state cyber agencies to access computer data and networks, make copies of information, and seize devices, as well as to summon individuals for questioning and enter private property without the need for a court order in the case of actual or anticipated serious cyber threats.
  6. And lawmakers in Singapore are actively reviewing the Personal Data Protection Act of 2012 and recently revealed their plans to add data portability requirements to the law. The stated goals of the proposal are to ease data flows between service providers and provide consumers with greater control over their data. According to the PDPC, adding a data portability component to the law would broaden the diversity and volume of data available for companies to use to develop better products and services, while at the same time giving consumers more control and flexibility over the data they share.

That’s all for this week. Be sure to join us next week for Last Week in Privacy.