.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.png?width=148&height=200&name=Privacy%20Insider%20Book%20(mock%20w%20shadow).png)
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
With the recent passage of California’s Delete Act, it’s an especially good time to reflect on the contents of a recently declassified report from the Office of the Director of National Intelligence (ODNI).
The Delete Act empowers consumers to request the deletion of their personal data by all data brokers registered in California. The ODNI report shows that greater regulation of data brokers at the federal level is merited, as the government perceives data brokers to be a loophole for mass, warrantless device surveillance.
The Fourth Amendment prohibits the government from engaging in warrantless search and seizure. Tracking U.S. citizens through their cell phones certainly counts as a search, so federal agencies would need to get a judge to sign off on a warrant before tracking that data.
However, it has long been the position of federal agencies that “publicly available” information is not subject to the Fourth Amendment. If the information can be purchased, then the government considers it to be publicly available—whether or not any reasonable person would agree.
The report clarifies that ODNI’s own expert panels believe this approach is an overreach. But as we’ve seen with commercial excesses in data collection, we can’t expect organizations to simply stop tracking individuals’ data out of a sense of ethics. Historically, data collection practices have only been reduced to reasonable levels through regulation.
Best,
Arlo
P.S. Scroll down to watch Osano’s Head of Privacy, Rachael Ormiston, talk through a quick overview of India’s new Digital Personal Data Protection Act (DPDPA)!
.png?width=800&height=450&name=CPRA%20Checklist%20CTA%20(4).png)
Top Privacy Stories of the Week
Information Commissioner Calls on Public Authorities to Stop Using Spreadsheets in FOI Responses
The Information Commissioner, John Edwards, has issued an advisory notice to public authorities calling for an immediate end to the use of original source Excel spreadsheets when responding publicly to Freedom of Information Act (FOI) requests due to a number of high-profile personal data breaches.
DSIT Publishes Draft Amendments to the UK GDPR and DPA 2018
The UK’s Department for Science, Innovation, and Technology (DSIT) recently published draft amendments that would replace references to EU-derived rights in the UK GDPR and Data Protection Act (DPA).
Meta Wants to Charge EU Users $14 a Month if They Don't Agree to Personalized Ads on Facebook and Instagram
In response to the EU's crackdown on personalized advertising, Meta may create subscription tiers for Facebook and Instagram users in the EU. Notably, this paid version of the apps would still serve advertisements; they simply would not be targeted based on user data.
Declassified Report Shows the US Is Openly Stockpiling Dirt on All Its Citizens
A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is purchasing a large amount of sensitive and intimate information on its own citizens from data brokers.
EU Urged to Reconsider Cyber Resilience Act’s Bug Reporting Within 24 Hours
In an open letter to the EU, 56 cybersecurity leaders said the EU’s proposed one-day vulnerability disclosure requirement under the Cyber Resilience Act (CRA) means that dozens of government agencies would have access to a real-time database of software with unmitigated vulnerabilities without the ability to protect them.
Reddit Is Removing the Ability to Opt-out of Ad Personalization
Reddit is getting rid of the ability to opt-out of ad personalization based on users’ activity on the platform. The platform says select countries will still have the power to opt out of ad targeting, but has not yet released a specific list.
Osano Blog: CPRA Compliance Checklist: 7 Key Steps
Uncertain of where to start when it comes to CPRA compliance? Use this checklist to build a foundation for compliance.
A Bonus 🎁 from Osano:
Rachael Ormiston, Head of Privacy, Talks Through India’s Digital Personal Data Protection Act (DPDPA)
If you’re interested in working at Osano, check out our Careers page!
