Hello all, and happy Thursday!
If you haven’t noticed, California is on a real tear about universal opt-out signals.
Last week, this newsletter focused on the California Privacy Protection Agency’s (CPPA’s) new investigatory sweep into businesses’ compliance with the CCPA’s universal opt-out requirements.
Now, a proposed bill—the “Opt Me Out” Act—would require browsers to support the Global Privacy Control (GPC) and other universal opt-out mechanisms. And if you thought this intro could stand for a few more acronyms, here’s an alternative term for universal opt-out mechanisms: opt-out preference signals, or OOPS! That’s what you’ll be saying if your company’s website can’t process GPC signals.
As of this writing, the act is awaiting Governor Newsom’s signature or veto. Last year, a similar bill was vetoed by the Governor, but only because it included requirements for operating system developers that may have been excessive. That requirement has been removed in this version of the bill, so it seems likely to be enacted into law.
The development is significant, as only privacy-focused browsers provide native support for universal opt-out signals. If a user wants to set their privacy preferences in Google Chrome, Apple Safari, or Microsoft Edge, they have had to rely on extensions and add-ons. This bill would change that.
If you need a refresher on all things GPC, scroll down to check out our blog on the topic.
Best,
Arlo
Blog: Global Privacy Control (GPC) and Universal Opt-Out
The GPC may make it easier for consumers to exercise their privacy rights, but what do businesses need to do to acknowledge GPC signals and stay in compliance? Find out in our blog.
Blog: How Long Do I Have to Respond to a DSAR?
Human beings are notoriously bad at planning for things. Psychologists call it (unsurprisingly) the “planning fallacy.” You know what makes it even harder to plan? Not knowing when the deadline is. This blog gives you all the deadlines associated with DSARs under different privacy laws.
Webinar: Why Should Marketers Give a %#$@ About Data Privacy?
You’ve got pipeline to generate, campaigns to run, and metrics to analyze (SO many metrics)—why should you give a %#$@ about data privacy? Find out in our webinar on September 18th. We'll even bribe woo you with games and prizes to boot.
Register today | September 18th, 1-2 PM EST
Event: LogicON
Osano’s Chief Trust & Privacy Officer will be speaking at LogicON 2025! Listen to Rachael Ormiston cover everything you need to know about how to protect privacy in an AI-driven world, as well as all the other speakers’ insights into proving AI’s ROI, surviving AI regulatory overload, finding the human in the AI, and more.
Register today | October 14-16 | Columbus, OH
Spotify announced a new feature last week–direct messaging–that was supposed to make music sharing easier. However, users realized that Spotify was connecting users to everyone they shared a link with, regardless of whether those links were shared on anonymous platforms or not.
The California state Senate recently voted 30-7 to pass a bill that would require web browsers to provide a clear, user-friendly opt-out setting for consumers to prevent the sale or sharing of their personal information. The "Opt Me Out” Act would prohibit a business from developing or maintaining a browser that does not support universal opt-out signal mechanisms, such as the Global Privacy Control (GPC). As of this writing, the bill is awaiting the Governor’s signature.
Anthropic has released its third Anthropic Economic Index Report, which documents how AI use is reshaping the economy. In order to preserve users’ privacy, Anthropic used an approach dubbed Clio—or Claude insights and observations—which ostensibly enables Anthropic to analyze their users’ behavior without exposing their personal information.
TikTok's U.S. operations would be controlled by an investor consortium including Oracle, Silver Lake, and Andreessen Horowitz, under a framework the U.S. and China are finalizing. A new company will be created to operate TikTok, with U.S. investors holding a roughly 80% stake and Chinese shareholders owning the rest, the report said. The company would also have an American-dominated board, with one member designated by the U.S. government.
Effective September 12, the EU Data Act introduced new rules on access to and sharing of data from certain products and services in business-to-consumer (B2C), business-to-business (B2B), and business-to-government (B2G) contexts. The act applies to any business offering products or services in the EU, regardless of its location. Learn about the major requirements of the EU Data Act here.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!