The ADPPA moves out of committee

One of this week’s news stories has to do with the American Data Privacy and Protection Act (ADPPA). Obviously, as privacy professionals, the progress of the ADPPA is very exciting. The US has been in sore need of a data privacy regulation at the federal level — something that standardizes how we treat user data and protects both businesses and consumers alike.

But it’s important to temper our optimism. It’s easy to forget that the GDPR didn’t just appear out of thin air, but was built up on the back of data regulations dating back to the 80s and 90s. While the US has had privacy-related legislation at the federal level in the past, these laws have mostly been highly specific to an industry or certain types of data. That’s not to mention the partisan divide that characterizes our modern political process.

The ADPPA has bipartisan and bicameral support, and it’s progressing through the legislative process at pace. But there’s still a long way to go. We’ll be following its progress in this newsletter and breaking down its major implications in our blog, and while we hope that it fares well in the House and Senate, we’re realistic about the hurdles ahead.

Fingers crossed!
Arlo

The ADPPA moves out of committee
After undergoing debate in the House Committee on Energy and Commerce, the American Data Privacy and Protection Act (ADPPA) will be put before the US House of Representatives for a vote. The amendments include allowing California’s CPPA to serve as the enforcement agency for the ADPPA in California; permitting private right of action two years after the effective date, rather than four; and a continuation of the ban of targeted advertising for individuals under 17, but with different standards for social media companies, large data holders, and other entities.
Read more

Google delays move away from cookies in Chrome to 2024
Google has delayed its phase-out of third-party cookies to the “second half of 2024.” This will be another delay in a series. In June of this year, Google said it would depreciate cookies in the second half of 2023. In January of 2020, it pledged to make the switch by 2022. Anthony Chavez, Google’s VP of Privacy Sandbox, claimed that the most consistent feedback it heard from developers, publishers, marketers, and regulators was the need for “more time to evaluate and test the new … technologies before deprecating third-party cookies in Chrome.”
Read more

Wawa settles with Attorneys General for $8 million after 2019 data breach
In 2019, the convenience store chain Wawa suffered a data breach. Because the convenience store chain failed to deploy reasonable security measures, hackers were able to collect the data from 34 million payment cards used in Wawa stores. A coalition of seven attorneys general, representing New Jersey, Pennsylvania, and other affected states, filed suit. The suit has been settled with an $8 million payment to the various states, as well as with the provision that Wawa will implement tighter security practices, amongst other measures.
Read more

Report: The average cost of a data breach has reached a record $4.4 million
According to a new report from IBM, the average cost of a data breach has reached an all-time high of $4.4 million, a 13% jump since 2020. What’s more, half of the organizations surveyed claimed to have passed the cost of data breaches onto their customers through higher prices for products and services.
Read more

Spotlight on Osanians: Get to know Seanna
Ever wished you could get to know the people hard at work keeping the world compliant with data privacy regulations? Our Spotlight on Osanians series shines a light on the people we’re proud to call our coworkers. This post focuses on Seanna Tucker, a senior content strategist here at Osano. Check out Seanna’s interview here.