.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
When folks first start digging into privacy compliance, they quickly realize how complex and technical it can get. Well, regulatory agencies struggle with the complexity of compliance (or rather, non-compliance) too.
CalPrivacy recently announced that it has hired Sabrina Boyson Ross as its first Chief Privacy Auditor. Getting compliant might involve a lot of technical and organizational work, but uncovering non-compliance from an outsiderās perspective can be even more difficult.
Ross and the newly formed CalPrivacy Audits Division will be dedicated to auditing and analyzing organizationsā privacy and technical records to probe for compliance gaps, assess business practices, and provide recommendations to CalPrivacyās Enforcement Division.
What does this mean for you and me? More enforcement, and more granular enforcement.At the start of the year, the Osano team predicted that 2026 would be the year we start seeing the technical aspect of privacy enforcement take center stage. It looks like that prediction is already starting to come true.
Best,
Arlo
Events
Webinar: Untap Those Wires: How to Reduce CIPA Risk with Your CMP
The Cold War may be over, but wiretap laws are alive, well, andāif youāre a member of the plaintiffās barāvery lucrative. Thousands of lawsuits have been filed under decades-old wiretap laws in recent years, with the California Invasion of Privacy Act (CIPA) chief among them. How can you protect your business against opportunistic CIPA lawsuits? Join Osanoās Chief Customer Officer Skye McCullough and Strategic Customer Success Manager Mark Brown on February 5th to discover the answer.
Save your seat | February 5th, 1 pm EST
In Case You Missed It...
Blog: Q&A From Our 2026 Privacy Laws Webinar
Whether you were in attendance at our recent webinar, Untangling 2026 Privacy, and didnāt get a chance to hear your questionās answer, or you werenāt able to make it, hereās your chance to learn more. We collected the questions asked by our audience and answered them here in this blog. Learn what there is to know about wiretap lawsuits, assessment workflows, enforcement priorities, and more.
Top Privacy Stories of the Week
Spain Becomes First Country In Europe to Ban Social Media For Under-16s
Spain announced plans to introduce an Australia-style social media ban for under-16s as part of a broader crackdown on tech giants over systemic failures to protect users from harm. Spanish Prime Minister Pedro Sanchez said teens under 16 will be unable to access social media platforms starting next week as part of a series of government measures targeting tech platforms.
California Privacy Protection Agency (CalPrivacy) Names Sabrina Boyson Ross as Chief Auditor and Forms New Audits Division
CalPrivacy has selected Sabrina Boyson Ross to serve as the agencyās inaugural Chief Privacy Auditor. Ross will lead the CPPAās newly formed Audits Division, which develops and applies privacy compliance audit procedures and conducts complex regulatory examinations of businesses and business practices. The division obtains and analyzes privacy and technology records to determine compliance with the California Consumer Privacy Act.
UK GDPR: UK Privacy Reform Goes Live Thursday
The main data protection reforms contained in the UKās reform law, the Data (Use and Access) Act 2025 (DUAA), are now rapidly coming into force on Thursday, 5 February 2026, nearly eight months after becoming law. Here are the key updates that businesses subject to UK data laws need to know about today.
European Commission Misses Deadline for AI Act Guidance on High-Risk Systems
The European Commission reportedly missed a deadline to provide guidance on how operators of high-risk artificial intelligence systems can meet their obligations under the AI Act, another sign of an ongoing struggle over implementation amid considerations for a delay. The Commission had until 2 Feb. to produce information about adherence to Article 6 of the AI Act.
California AG Launches Surveillance Pricing Investigation
California Attorney General Rob Bonta recently announced an investigative sweep focused on businessesā use of consumersā personal information to set targeted, individualized prices for products and services, a practice known as surveillance pricing that may violate the CCPA. The California Department of Justice is sending letters to businesses in the retail, grocery, and hotel sectors requesting information regarding how they use consumersā data to set the prices of goods or services.
Like what you see in the Privacy Insider newsletter?
There's more to explore:
šļøThe Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
š± The Osano Subreddit
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
š The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If youāre interested in working at Osano, check out our Careers page!
