Data Privacy Buy-In: The Usual Suspects and What to Say to Them
Getting the business to say “yes” to data privacy isn’t easy. Yet it...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: March 21, 2023
Published: January 6, 2022
There's no shortage of legal proposals hitting the EU this year. The bills to watch in the upcoming months would impose significant obligations on the organizations they cover. They aim to modernize EU law with technologies that have exploded in the last couple of decades or so.
Here are the highlights.
The European Commission aims to upgrade its rules on digital services in the EU. It’s doing this using two proposed laws to form a single set of rules across the EU. They’re called the Digital Services Act and the Digital Markets Act. Together, they aim to protect users and establish a “level playing field to foster innovation, growth and competitiveness.”
Think of anything delivered via the internet when you think of digital services. That could be a music streaming service or an e-book or a website.
The Digital Services Act would cover:
Its obligations vary depending on an organization’s size, but they can include monitoring of third-party vendors, external risk auditing and codes of conduct.
While the internal market committee at the European Parliament has given its approval, the bill will face Parliament in its entirety in January 2022.
The Digital Markets Act would cover the largest digital platforms, known as “gatekeepers,” under the proposal. Think companies like Facebook, Apple, Microsoft and Google. It aims to level the playing field for digital companies of all sizes. It would create rules for major internet platforms that would prevent them from imposing “unfair conditions on businesses and consumers.” For example, a company like Amazon wouldn’t be allowed to rank products on its site in a way that gives Amazon’s own products and services an advantage.
It would also give the European Commissioner the power to carry out investigations and sanction bad behavior and update the law’s obligations as needed.
The European Parliament passed the Digital Markets Act, and it now heads to the European Commission for negotiations.
The e-Privacy Regulation has been a long time coming. It aimed to come into force alongside the EU’s General Data Protection Regulation in 2018 but has stalled for years. The e-Privacy Regulation would create privacy rules for traditional electronic communications services and entities that weren’t covered by the former law, the e-Privacy Directive, such as WhatsApp, Facebook Messenger, and Skype.
It would create stronger rules on electronic communication’s privacy, and it would apply to not only communications content but “metadata,” that is, data that describes other data. Under ePrivacy, service providers and electronic communications networks have to get prior consent from the user before processing their electronic communications metadata.
It would also, importantly, create simpler rules on cookies. It would allow users to consent or deny tracking cookies at the browser level, and it would also clarify that websites do not need to get consent for what is called “non-privacy intrusive cookies.” Those cookies allow website features like “shopping carts” to keep track of what a user has ordered. It would also require that organizations allow end-users to withdraw their previously-granted consent at least once per year.
The EU’s Artificial Intelligence Act would apply to any company doing business in the EU that develops or adopts machine-learning-based software. It would apply extraterritorially, meaning the law will cover companies based elsewhere if they have customers or users inside the EU.
The AI Act would ban the following:
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.