.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and thanks for reading today.
This week, our newsletter features two very different bellwethers for AI regulation.
In the EU, the European Data Protection Board (EDPB) released its opinion on how AI developers might compliantly use personal data in their models. Overall, the opinion underscored the importance of robust data privacy practices when developing or deploying an AI model, particularly privacy by design and assessments.
In the US, soon-to-be President Trump tapped David Sacks to serve as his AI and crypto czar. Sacks is a venture capitalist who recently co-founded an AI chat company. It’s pretty clear that Sacks and the Trump administration intend to take a hands-off, deregulatory approach to AI innovation—though whether that extends to the privacy aspect of AI development remains to be seen.
It seems like AI regulation in the US and EU is falling into the same pattern as privacy regulation. The EU will launch broad, comprehensive, and consumer-friendly regulations that apply across the union; in the US, individual states will deploy their own regulations, most of which will tend to be more business-friendly. As AI technology and its corresponding regulations mature, it’ll be interesting to see which approach yields better outcomes.
Best,
Arlo
Highlights from Osano
What's New
Blog: 5 Privacy Trends for 2025: What to Watch For
Change is the only certainty in life. What changes can you expect to see in data privacy in 2025?
In Case You Missed It...
Blog: Privacy Risk Quantification: How to Develop the Right Scoring Methodology
Privacy risk can seem awfully abstract—until you quantify it. This article shows you how to develop a scoring methodology at your organization.
On-Demand Webinar: 2025 Privacy Law Preview: Be Prepared
Osano’s Rachael Ormiston teams up with Husch Blackwell’s Shelby Dolen and TK Lively to break down the new requirements businesses will face in 2025.
Upcoming Webinars and Events...
More Laws? No Problem! How to Get More Done in 2025
With more privacy laws to keep track of in 2025, you may be expecting a bigger workload than last year. That doesn’t have to be the case. In this webinar, Osano’s Cait Ward and Chris Simpson teach you how to move faster, gain visibility, shorten the time to deploy banners and assessments, and automate in all the right places.
Save Your Seat | January 16th
Top Privacy Stories of the Week
European Data Protection Board (EDPB) Publishes Its Opinion on AI and Data Protection
The EDPB recently published its opinion on how AI developers might use personal data to develop and deploy AI models, without falling foul of the EU’s privacy laws. The opinion touches on when and how AI models can be considered anonymous and thereby exempt, whether legitimate interest can be used as a legal basis, and what happens to AI models developed with unlawfully processed personal data.
Congress Considers New Cybersecurity Legislation Adjunct to HIPAA
In the wake of a recent health industry ransomware attack, the federal government’s regulation of cybersecurity through HIPAA (Health Insurance Portability and Accountability Act) has come under intense scrutiny. In response, a bipartisan bill has been introduced to Congress that details a new law that stands beside HIPAA called the Health Infrastructure Security and Accountability Act (HISAA), which would create significant new security requirements for HIPAA-covered entities and business associates, especially those that governmental authorities consider to be important to US national security.
Australian OAIC Secures Landmark Settlement of $50m from Meta
Recently, the Office of the Australian Information Commissioner (OAIC) agreed to a $50 million payment program from Meta to settle civil penalty proceedings related to the Cambridge Analytica scandal.
FTC Provides Recommendations for Cyber Risk Reduction When Training AI
As companies depend on accumulating more consumer data to develop products such as artificial intelligence, targeted advertising, or surveillance pricing tools, they may create valuable pools of information that bad actors can target for illicit gain. As a result, the Federal Trade Commission (FTC) has provided guidance to enable businesses to address systemic causes of risk through the lens of data management, software development, and product design.
Trump Taps David Sacks as AI and Crypto Czar
President-Elect Donald Trump has announced that David Sacks, a prominent Silicon Valley investor, member of the “PayPal Mafia,” and co-founder of an AI company, will serve as the “White House AI & Crypto Czar.” Sacks’ appointment is widely viewed as a sign that the Trump administration will fulfill its campaign promises to take a pro-industry, deregulatory stance on AI.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
