.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
The US is officially up to 20 state comprehensive privacy laws with the passage of Oklahoma’s SB 546! (Florida’s law is usually excluded from this count, as it only applies to businesses with over $1B in revenue).
For businesses that just got used to the current state of privacy compliance in the US, this new law won’t be too much of an upset–it broadly follows the standards set out in Virginia’s privacy law model.
What is unique about this law is the relatively short runway for compliance; businesses have until the start of 2027 to get compliant. Since most businesses have had plenty of time to comply with other privacy laws in the US, this shorter on-ramp should hopefully not be too much of a burden. Scroll down to check out our write-up on the law!
Best,
Arlo
P.S. To listeners of the Privacy Insider Podcast: I’ll be taking a brief hiatus from the podcast for the near future. The podcast isn’t going away! And if you’re not a regular listener, this is a great opportunity to work your way through the archive.
New from Osano
Blog: Oklahoma's Data Privacy Law: What Businesses Need to Know About SB 546
After nearly a decade of legislative attempts, Oklahoma has joined the growing ranks of states with a comprehensive consumer data privacy law, making it the 20th state with such a law on the books. SB 546 takes effect on January 1, 2027, giving businesses roughly nine months to prepare. Do you need to comply, what rights do Oklahoma consumers have, what obligations does your organization face, and how can you start preparing?
In Case You Missed It...
Podcast: AI Doesn’t Need More Data; It Needs Context with Philip Rathle of Neo4j
We sit down with Philip Rathle, Chief Technology Officer of Neo4j, to explore a question that’s becoming urgent in the age of AI: What happens when powerful models operate without context, governance, or explainability?
Blog: Navigating Identity in a Cookieless, Compliant World
At the March 2026 MarTech Conference, industry leaders gathered to discuss the marketing’s movement away from passive tracking and toward active relationships built on transparency. The session, “Navigating identity in a cookieless, compliant world,” featured insights from Craig Schinn of Actable, Jay Mandel of the Clean Data Alliance, Ana Mourao of Stanley Black & Decker, and Amar Ramakrishnan of Osano. Read about their takeaways and watch the panel here.
Events
In-Person Event: IAPP Global Privacy Summit
You can find Osano at the biggest privacy event of the year at booth #148! See if your website meets regulatory standards with the Compliance Check Challenge and ask our privacy experts your most pressing compliance questions.
In-Person Event: ANA Masters of Data–Data Privacy: Legal’s Problem or Your Opportunity?
At the Association of National Advertisers’ (ANA’s) Masters of Data conference on April 13th, Senior Vice President of Marketing Shane Coker will explain why privacy compliance matters for marketers, why it’s more than just a checkbox exercise, and how to turn privacy into a revenue driver for your brand.
Top Privacy Stories of the Week
Y Combinator Compliance Startup Hit with Fraud Accusations
Recently, an anonymous Substack account named Deepdelver published a lengthy article that claimed to have evidence that AI-powered compliance startup Delve “fakes compliance while creating the appearance of compliance.” The post alleges that Delve had been generating “fraudulent” audit reports, lying about the security measures it implements, and fabricating “evidence of board meetings, tests, and processes that never happened.”
EU Parliament Votes to Postpone High-Risk AI Rules Under AI Act
EU Parliament members have adopted a simplification proposal amending the Artificial Intelligence Act, postponing the activation of certain rules on high-risk AI systems, given that key standards may not be finalised by the current deadline of 2 August 2026. In their amendments, parliament members proposed delaying rules for high-risk AI systems specifically listed in the AI Act to December 2, 2027. For AI systems that are covered by EU sectoral legislation on safety and market surveillance, members proposed delaying rules to August 2, 2028.
White House Urges Congress to Take a Light Touch On AI Regulations in New Legislative Blueprint
The White House said recently that Congress should "preempt state AI laws" that it views as too burdensome, laying out a broad framework for how it wants Congress to address concerns about artificial intelligence without curbing growth or innovation in the sector. The legislative blueprint outlines a half-dozen guiding principles for lawmakers, focusing on protecting children, preventing electricity costs from surging, respecting intellectual property rights, preventing censorship, and educating Americans on using the technology.
CJEU Confirms That a Single DSAR Can Be “Excessive” If Made with Abusive Intention
Under the GDPR, controllers may refuse to act on subject rights requests if they are “manifestly unfounded” or “excessive.” Recently, the Court of Justice of the EU (CJEU) ruled that even a first DSAR may be refused as “excessive” where the controller demonstrates it was made with abusive intention. The CJEU stressed that this exception must be interpreted restrictively, that the threshold for qualifying a first DSAR as excessive must be high, and that the burden of proof lies on the controller. The court also set out a two-part test to establish abusive intention.
Proposed Bill Would Expand Californians’ Privacy Rights
The California state Senate Committee on Privacy, Digital Technologies, and Consumer Protection meets April 6 to consider a bill that proposes to expand consumer rights regarding personal information deletion and improving the accessibility of request submission methods. The legislation would expand on the Delete Act, enabling consumers to delete their personal information from businesses that quietly add third-party data purchased by data brokers to detailed consumer profiles to target them for commercial purposes.
Like what you see in the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📱 The Osano Subreddit
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
