.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
Last month, the UK’s Information Commissioner’s Office (ICO) fined Reddit £14.47m for failing to verify users’ ages under the Online Safety Act. These days, age verification seems like legislators’ new hyperfixation, with dozens of nations and states introducing age verification legislation aimed at protecting underage users from being exposed to potentially harmful content.
Unfortunately, age verification services are ripe for privacy abuses. In the ICO’s announcement regarding Reddit’s fine, the Information Commissioner stated that, “Children under 13 had their personal information collected and used in ways they could not understand, consent to or control.” It’s a little on the nose that age verification services, especially those that rely on biometric analysis, do the very same!
Considering the sorts of activities age verification providers get up to, privacy advocates should be looking at age verification legislation and technologies with a healthy dose of skepticism.
Best,
Arlo
New from Osano
Podcast: AI Doesn’t Need More Data; It Needs Context with Philip Rathle of Neo4j
We sit down with Philip Rathle, Chief Technology Officer of Neo4j, to explore a question that’s becoming urgent in the age of AI: What happens when powerful models operate without context, governance, or explainability?
Blog: Navigating Identity in a Cookieless, Compliant World
At the March 2026 MarTech Conference, industry leaders gathered to discuss the marketing’s movement away from passive tracking and toward active relationships built on transparency. The session, “Navigating identity in a cookieless, compliant world,” featured insights from Craig Schinn of Actable, Jay Mandel of the Clean Data Alliance, Ana Mourao of Stanley Black & Decker, and Amar Ramakrishnan of Osano. Read about their takeaways and watch the panel here.
Events
Customer Q&A: Power Your Marketing Engine on The Right Fuel: Why Privacy Compliance Is Key
At the Association of National Advertisers’ (ANA’s) March 24th Atlanta conference, Osano and Policy & Regulatory Advisor Latoya Davidson will show how Compliance and Marketing can partner together to activate data with confidence, reduce risk, win trust, and accelerate decision-making.
Top Privacy Stories of the Week
Colorado Artificial Intelligence Policy Workgroup Introduces Revised AI Act Framework
Recently, the Colorado AI Policy Work Group provided strong support for a policy framework that addresses the use of AI and automated decision-making technologies (ADMT) in consequential decisions about consumers. The revision marks a change in momentum after several stalled attempts to operationalize Colorado’s AI law.
Reddit User Uncovers Who Is Behind Meta’s $2B Lobbying for Invasive Age Verification Tech
A Reddit researcher just exposed how Meta funneled over $2 billion through shadowy nonprofits to push age verification laws that would force Apple and Google to build surveillance infrastructure into every device—while conveniently exempting Meta’s own platforms from the same requirements.
UK Regulator Fines Reddit £14.47 Million Over Children’s Data Privacy Violations
The UK Information Commissioner’s Office (ICO) has fined Reddit £14.47 million after finding the platform unlawfully processed children’s personal data and failed to implement adequate safeguards to verify the age of its users. Its investigation revealed that Reddit lacked robust age assurance mechanisms, allowing children under the age of 13 to access the platform despite the company’s terms of service prohibiting their use. As a result, the regulator concluded that Reddit did not have a lawful basis for processing the personal information of those users.
Brazil’s Online Safety Law Takes Effect
Brazil’s new legislation creating stricter rules to protect children online, known as the ECA Digital, officially took effect on Tuesday, six months after its approval in Congress. Under the law, platforms could face warnings and fines of up to $10 million for violations. In extreme cases, the companies may face suspensions and outright bans from the country, imposed by Brazilian courts.
EU Fails to Extend Rules on Child Abuse Content Detection by Online Platforms
EU countries and lawmakers on Monday failed to agree to an extension of a temporary measure governing how Alphabet, Meta Platforms, and other online platforms tackle child sexual abuse material, leaving a legal vacuum on the issue. The current system of voluntary detection and removal of online child sexual abuse by companies, which exempts them from strict online privacy rules, has been in place since 2021 and will expire on April 3.
Like what you see in the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📱 The Osano Subreddit
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
