California Remains a Privacy Bellwether
Hello all, and happy Thursday!Read Now
June 17, 2022
With Father’s Day coming up, I’m reminded of my own father, who worked at the US Central Intelligence Agency, and how he contributed to my understanding of data privacy.
The first question people would ask me when I was younger was whether my dad was a spy. Although I can neither confirm nor deny this information, I can tell you what it was like growing up with a dad who spent his career keeping a lot of national data private. He would often repeat essential privacy tips and guidance to us, like:
When I was young, I would roll my eyes and think “Who would want my data?” I didn’t have any concern for data privacy — despite my dad’s career and guidance — until 2013 when I became one of the 110 million people hit by the Target data breach*. This breach was particularly bad due to Target’s lax network access practices and the many warnings they chose to ignore. Luckily, I was able to address the breach quickly and monitor my information to avoid problems and unauthorized credit issues, but not everyone came out unscathed.
Finally, the reality had hit me that my data was important, and in the wrong hands, could severely disrupt my life and future. I don’t think my dad could have predicted back in the 90s/00s that businesses and individuals would share and sell data at the level we do today, but his lessons still ring true. So, thanks Dad for all that you’ve taught me about privacy, and happy Father’s Day!
France’s data watchdog warns over illegal use of Google Analytics
France’s data protection authority, the Commission nationale de l'informatique et des libertés (CNIL), has issued guidance indicating that the use of Google Analytics is illegal under the GDPR. Because Google Analytics data is transferred to the US and includes that of EU citizens’, US intelligence services may gain access to EU citizens’ data unlawfully through Google Analytics.
CPPA Holds First Public Meeting Following First Draft of Proposed Regulations
The California Privacy Protection Agency (CPPA) held a public meeting to discuss the proposed regulations from the California Privacy Rights Act (CPRA). Among other takeaways, it became clear that the CPPA intends to make honoring global opt-out preference signals mandatory, even though the CCPA/CPRA suggests that signal is voluntary. Many privacy concerns, such as automated decision-making and profiling, cybersecurity audits, and risk assessments, were not covered in the draft regulations, indicating that further drafts are to be expected.
Apple’s privacy rules targeted by German competition authorities
Germany’s Bundeskartellamt (also known as the Federal Cartel Office) has launched a probe into Apple’s privacy rules, fearing that they may be directed at stifling competition rather than protecting user privacy. Specifically, the Bundeskartellamt is concerned that Apple’s App Tracking Transparency (ATT) framework, which establishes preconditions that third-party apps must meet before tracking users, may be abused to give Apple’s services preferential treatment.
US House committee showcases federal privacy momentum, opportunity
Wednesday's federal privacy law hearing deviated from the typical tone privacy advocates were used to hearing from Congress — the hearing featured a remarkably productive discussion, which signaled good things for the bipartisan and bicameral American Daa Privacy Act. One committee member described the moment as “the best opportunity we've had to pass a comprehensive privacy law in decades.”
Spotlight on Osanians: Get to know Kait
Want to know more about the author of this week’s Privacy Insider intro? Our most recent Spotlight series post shines a light on Kait Marcinek, Osano’s Senior Product Manager. Check out Kait’s interview here.
If Osano sounds like an environment where you could thrive, why not check out our Careers page? We might have the perfect opportunity for you.
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”