In this article

Sign up for our newsletter

Share this article

Hello all, and happy Thursday! 

This week, one of our stories focuses on a data privacy lawsuit concerning Peloton. Don’t panic—the issue isn’t centered on their virtual training sessions, so you can keep pedaling alongside Robin Arzón without fear of your personal information leaking. (As far as we know! 🤞) 

Instead, the lawsuit centers on Peloton’s website chatbot, where user chat data allegedly was collected to train AI. This may actually be a bigger deal than any data privacy leak associated with the brand’s high-tech stationary bikes. After all, not every business collects data through Internet-of-Things devices—but many, many businesses rely on website chatbots to interact with their customers. 

The suit alleges that Peloton violated the California Invasion of Privacy, or CIPA. This Cold War-era law has been making frequent headlines in recent lawsuits. Essentially, recent appellate court decisions have provided plaintiffs’ attorneys the justification needed to repurpose old laws like the CIPA to construe third-party technologies (such as AI-powered chatbots) as wiretaps. 

Since this is an active and evolving legal issue, the best thing you can do if you find yourself on the wrong side of a CIPA claim is to consult with legal counsel. If you use third-party tracking technologies on your website, it's always a good idea to follow data privacy best practices like knowing who you share data with, keeping your policies accurate and up to date, and reviewing what kinds of consents may be needed and where. 



PI Episode 3 CTA

Top Privacy Stories of the Week

Peloton Faces Lawsuit Amid Claims It Allowed Marketing Firm to Train AI On User Chat Data 

Peloton has been accused of allowing a third party to process user chat data, including for training AI, which would be a violation of the California Invasion of Privacy Act (CIPA). Peloton has attempted and failed to dismiss a class-action lawsuit by the legal firm Consumer Advocates twice, making it likely that it will face court. 

Read more 

Labour Victory: The Implications for Data Protection, AI, and Digital Regulation in the UK 

With the recent formation of a Labour government in the UK, what should organizations expect in terms of data privacy and AI legislation? This post breaks down the Labour Party’s policy positions on these subjects. 

Read more 

New York Governor Signs Legislation to Protect Minors Online 

Governor Kathy Hochul recently signed two major pieces of legislation designed to protect children online—the Stop Addictive Feeds Exploitation (SAFE) for Kids Act and the New York Child Data Protection Act (CDPA). The SAFE for Kids Act regulates content feeds offered to minors, while the CDPA provides comprehensive data privacy protections for children. 

Read more 

Upcoming CPPA Meeting to Address Automated Decision-making Rulemaking, Adequacy Status 

For its 16 July meeting, the California Privacy Protection Agency (CPPA) has announced that it plans to discuss its adequacy status with other jurisdictions as well as potential action on automated decision-making technology, among other subjects. 

Read more 

Brazil Halts Meta's AI Data Processing Amid Privacy Concerns 

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms. The ANPD said it found "evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and risks to children and adolescents." 

Read more 

Osano Blog: Securing Buy-in For Your Privacy Program: 5 Essential Tips 

Advocating for your data privacy program can feel like an uphill battle—especially when the people holding the purse strings aren’t privacy experts themselves. We picked the brains of Osano’s Head of Privacy, Rachael Ormiston, and CFO, Ryan Macia, to identify five essential tactics that can tip the scales in your favor. 

Read more 


Like what you hear from the Privacy Insider newsletter?

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page

Schedule a demo of Osano today
Share this article