Hello all, and happy Thursday!
One of our stories this week centers on a report allegedly uncovering LinkedIn’s secret scanning of your browser extensions (hello to our LinkedIn readership).
The report claims LinkedIn injects a script that scans for the fingerprints of over 6,000 browser extensions, then connects those to the individual users, and then the businesses those individuals work at. In this way, Microsoft can ID businesses using tools that compete with its own, incidentally collecting whatever information extensions also reveal along the way (or so the report claims).
LinkedIn doesn’t deny that it scans for browser extensions; rather, it insists this scanning is done to detect extensions that themselves scrape data from users’ profile. The privacy violations alleged in the report, according to LinkedIn, are actually misconstrued privacy protections. LinkedIn also notes that the report authors hold a grudge against the platform over an account restriction that was upheld by a German court.
True or not, the allegations have already spurred two class action lawsuits out of California, and because LinkedIn is regulated as a “gatekeeper” under EU law, the report authors have filed a preliminary injunction against LinkedIn for DMA violations.
Best,
Arlo
Highlights From OsanoCase Study: Cookie Consent Clarity: Why a Global Travel Brand’s Legal Team Left Their Legacy Provider for Osano
When a complex, legacy consent management platform left a global travel company's legal team locked out of their own privacy program, switching to Osano gave them something they'd never had before: a tool they could actually use, the visibility to prove their decisions were being followed, and peace of mind knowing they were in control.
In-Person Event: ANA Masters of Data–Data Privacy: Legal’s Problem or Your Opportunity?
At the Association of National Advertisers’ (ANA’s) Masters of Data conference on April 13th, Senior Vice President of Marketing Shane Coker will explain why privacy compliance matters for marketers, why it’s more than just a checkbox exercise, and how to turn privacy into a revenue driver for your brand.
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. The report author claims that this behavior is used to collect sensitive personal and corporate information, as LinkedIn accounts are tied to real identities, employers, and job roles.
Read Brian Hengesbaugh’s, Global Chair, Data and Cyber at Baker McKenzie, takeaways on his conversation with privacy advocate Max Schrems during last week’s IAPP Global Summit here.
Five key Democrats flipped their votes to deal a potentially fatal blow to a sweeping data privacy bill that has motivated a strong opposition effort from Maine businesses of all sizes. It reversed a narrow victory for the bill in the House last week influenced by Republican absences. Now, the bill faces further action in the Maine Congress.
With the EU failing to come to terms on a new agreement over child safety protections, Google, Meta, Microsoft, and Snap reaffirmed their commitment to protecting children and preserving privacy on their platforms. The newly expired protections included parameters that enabled online platforms to scan their services for CSAM material, which means that online platforms are no longer allowed to conduct this scanning under EU privacy laws.
US state privacy enforcers speaking at the IAPP Global Summit 2026 indicated an uptick in their respective activities is coming this year as the California Privacy Protection Agency and state attorneys general continue to work collaboratively. Enforcement priorities with the most immediate and consequential impacts are expected out of California, where CalPrivacy is considering its options on higher fines attached to California Consumer Privacy Act settlements while the attorney general's office hinted it may soon begin a rulemaking on age assurance and parental consent under the Protecting Our Kids from Social Media Addiction Act. Attorneys general in Connecticut, Delaware and Indiana also highlighted expected priorities to Summit attendees.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!