Will Google Be Dismantled?
Hello all, and happy Thursday!
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: July 4, 2024
Hello all, and happy Thursday!
This Thursday, the Osano team is out of the office celebrating the Fourth of July with family and friends! To that end, we’ll keep this week’s Privacy Insider short and sweet.
However, I do want to quickly address a recent Supreme Court decision—specifically, the Court’s decision to overturn the Chevron deference. As a very quick summary, the Chevron deference was a legal framework in which courts deferred to regulatory agencies’ interpretations of ambiguous statutory law. Now, courts are expected to make independent decisions on ambiguous requirements, though they may still consider agency recommendations.
This has a huge impact on all things related to regulatory compliance, especially at the federal level. But when it comes to data privacy compliance in the U.S., the likely result is a greater focus on state-level regulations and a reduced likelihood of a federal data privacy law. Legislators at the federal level will take more time to pass laws since they’ll need to reduce as much ambiguity as possible, while state legislators will have more freedom to hand off legislative interpretation to agencies like the California Privacy Protection Agency (CPPA).
There’s a lot more analysis and discussion to be made on this decision, but we can’t get into sufficient depth in this newsletter. Especially on a holiday! So, to our U.S. subscribers, we hope you’ve enjoyed some well-deserved rest, fireworks, and barbeque. To our international subscribers, we’re sorry for the U.S.-centric content in this week’s newsletter—we’ll be back next week with your regularly scheduled newsletter!
Best,
Arlo
P.S. Speaking of U.S. data privacy laws, did you know that two state laws just went into effect as of July 1? Texas’s and Oregon’s data privacy laws are now live!
The number of facial recognition searches law enforcement conducted via controversial Clearview AI technology doubled to 2 million over the past year. In addition, the number of images stored in the company’s database of faces, which is used to compare biometrics, also has surged, now totaling 50 billion, according to a statement from CEO Hoan Ton-That.
In a consequential decision for Health Insurance Portability and Accountability Act (HIPAA)-regulated entities, the U.S. District Court for the Northern District of Texas invalidated the Department of Health and Human Services’ Office for Civil Rights' (OCR’s) guidance that HIPAA obligations attach where an online tracking technology collects certain combinations of personal information.
Identity Intelligence organization Au10tix recently exposed a set of administrative credentials online for over a year. This exposure potentially allowed hackers to access sensitive data. Au10tix verifies identities for companies like TikTok, Uber, and X, and boasts clients such as Fiverr, PayPal, Coinbase, LinkedIn, and Upwork. Some of these companies confirmed their active or past use of Au10tix’s services.
Recently, the U.S. Department of Commerce Office of Information and Communications Technology and Services (OICTS) published a first-of-its-kind Final Determination against Kaspersky Lab, Inc., prohibiting the provision of its antivirus software and cybersecurity products in the United States or to U.S. persons. This Final Determination provides new insights into the OICTS review of information and communications technology and services transactions and the prohibitions or restrictions that may result.
The European Commission recently informed Meta of its preliminary findings that its “pay or consent” advertising model fails to comply with the Digital Markets Act (DMA). In the Commission's preliminary view, this binary choice forces users to consent to the combination of their personal data and fails to provide them a less personalized but equivalent version of Meta's social networks. Meta will have an opportunity to provide its defense, but the Commission could fine it up to 10% of Meta’s total worldwide turnover.
Data mapping is an essential foundation for compliance—but how do you actually find data in your map and classify its risk? This blog dives into detail.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.