Hello all, and happy Thursday!
For years, there’s been a perception that privacy enforcement in the EU is just different than it is in the US. With over 2,500 GDPR fines totaling a little under €7 billion, it’s easy to see why that perception exists.
But the only thing behind Europe’s reputation for heavy privacy enforcement is the fact that they got there first. As US laws mature, regulators have been steadily turning up the heat.
The California Privacy Protection Agency (CPPA) has just announced yet another enforcement action, this time against Tractor Supply Company, for a record-setting $1.35 million. It’s the largest fine in the CPPA’s history and falls just short of the largest in CCPA history. That belongs to the Healthline enforcement earlier this year, in which the California Attorney General’s office penalized Healthline to the tune of $1.55 million.
In addition to this penalty bringing US privacy enforcement closer to what we’d expect out of the EU, two more aspects of this enforcement jump out at me:
- It’s the first time job applicant data has been involved in a data privacy enforcement. Some privacy laws carve out employee and job applicant data, but not the CCPA.
- The penalized violations started January 1, 2023. That is the very first day that the CCPA applied to job applicants. This underscores the need for proactive privacy compliance, not just compliance after a law goes live.
Best,
Arlo
Highlights From Osano
Events
Event: LogicON
Osano’s Chief Trust & Privacy Officer will be speaking at LogicON 2025! Listen to Rachael Ormiston cover everything you need to know about how to protect privacy in an AI-driven world, as well as all the other speakers’ insights into proving AI’s ROI, surviving AI regulatory overload, finding the human in the AI, and more.
Register today | October 14-16 | Columbus, OH
Meetup: AI, IRL: Hexes and Hallucinations
It’s already in your stack, your prompts, your daily life…and sometimes it can haunt instead of help. Join us this spooky season as we yap AI terror tales! Seats are limited for this meetup, so grab yours today!
Register today | October 22nd | 1-3 PM EST
Top Privacy Stories of the Week
Tractor Supply to Pay $1.35M Over CCPA Violations
The California Privacy Protection Agency (CPPA) has issued a $1.35M fine against Tractor Supply Company, the nation’s largest rural lifestyle retailer. The fine is the largest in CPPA history and is the first to explicitly include violations associated with job applicant data.
California Governor Newsom Signs Landmark AI Safety Bill SB 53
California Gov. Gavin Newsom has signed SB 53, a first-in-the-nation bill that sets new transparency requirements on large AI companies. The bill requires large AI developers to be transparent about safety protocols, ensures whistleblower protections for employees at those companies, and creates a mechanism for reporting potential safety incidents associated with AI models.
Spanish Court Opens €550 Million Meta Data Protection Trial
More than 80 Spanish media organizations have brought a lawsuit against Facebook owner Meta for allegedly breaching European Union data protection rules. Spain's main media association AMI says the US tech giant created "unfair competition" by "systematically" breaking the law between May 2018 and July 2023. The association alleges unfair competition in digital advertising sales and is seeking 551 million euros ($647 million) in compensation.
Chat Control Is Back on the Menu in the EU. It Still Must Be Stopped
The European Union Council is once again debating a controversial message scanning proposal that would lead to the scanning of private conversations of billions of people. Chat Control is a legislative proposal that would make it mandatory for service providers, including end-to-end encrypted communication and storage services, to scan all communications and files to detect “abusive material.”
Why Small Businesses Can No Longer Ignore Data Privacy Laws
For many small business owners, data privacy regulations still feel abstract or aimed at larger businesses. In reality, even a one-person online shop can suddenly find itself facing consumer privacy demands.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert
Arlo Gilbert is the CIO & co-founder of Osano. A native of Austin, Texas, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005, Arlo invented voice commerce. He has testified before Congress on technology issues and is a frequent speaker on data privacy rights.
