.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
By now, you’ve no doubt caught up on the US’s 20th state data privacy law from Oklahoma (and if you haven’t, we’ve linked to a handy overview below). But did you know that there may soon be a 21st?
The Maine Online Data Privacy Act has been advancing through the Maine legislature in recent weeks. As of this writing, it’s waiting on a few final votes before heading to Governor Mills’ desk for her signature or veto. If it passes, we’ll be sure to keep you updated on what, if any, changes you’ll need to make in order to stay compliant.
Best,
Arlo
In Case You Missed It...
Blog: Oklahoma's Data Privacy Law: What Businesses Need to Know About SB 546
After nearly a decade of legislative attempts, Oklahoma has joined the growing ranks of states with a comprehensive consumer data privacy law, making it the 20th state with such a law on the books. SB 546 takes effect on January 1, 2027, giving businesses roughly nine months to prepare. Do you need to comply, what rights do Oklahoma consumers have, what obligations does your organization face, and how can you start preparing?
Events
In-Person Event: ANA Masters of Data–Data Privacy: Legal’s Problem or Your Opportunity?
At the Association of National Advertisers’ (ANA’s) Masters of Data conference on April 13th, Senior Vice President of Marketing Shane Coker will explain why privacy compliance matters for marketers, why it’s more than just a checkbox exercise, and how to turn privacy into a revenue driver for your brand.
Top Privacy Stories of the Week
CA Governor Newsom Signs Executive Order on AI Privacy, Security, & Transparency
Governor Gavin Newsom issued an executive order directing the Government Operations Agency to develop a plan for new state contracting processes and best practices that vet companies based in part on how they attest and explain their policies and safeguards to protect the public from illegal content, bias, and rights violations, among other requirements.
FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party
The Federal Trade Commission has settled with OkCupid and its affiliate Match Group Americas over allegations OkCupid deceived users of its dating app by sharing their personal information, including photos and location information, with an unrelated third party, contrary to OkCupid’s privacy promises. As part of a settlement, OkCupid, operated by Dallas-based Humor Rainbow, Inc., and Match Group Americas, which provides services for Humor Rainbow, will be prohibited from misrepresenting its privacy policies.
California District Court Upholds Transparency Requirements for Generative AI Training Data
California’s new law requiring generative AI developers to publish high-level summaries of their training data remains in force upon surviving its first challenge in federal district court. This decision comes at a time when the federal government is also in the process of beginning to weigh in on the development of state AI laws.
Webinar Hosting Platform Discovered to Surreptitiously Scrape and Redistribute Private Zoom Webinars
CyberAlberta recently discovered that a webinar hosting platform known as WebinarTV is actively scraping and redistributing both public and private Zoom webinars without knowledge or consent of organizers. Initial access is typically gained through third-party browser extensions such as AI-powered transcription or auto-join tools. These extensions are inadvertently provided calendar permissions by their users and, in some cases, users are willfully submitting meeting details to the WebinarTV platform without the knowledge or consent of the organizers.
Hasbro Says It Was Hacked, And May Take ‘Several Weeks’ to Recover
American toy-making giant Hasbro has confirmed a cyberattack, and the company says it may take “several weeks” before the incident is resolved. The owner of properties including Transformers, Peppa Pig, and Dungeons & Dragons said in a legally required disclosure with the U.S. Securities and Exchange Commission on Wednesday that it detected an intrusion on March 28, which prompted the company to take down some of its systems.
Like what you see in the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📱 The Osano Subreddit
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
