In this edition of Privacy Insider, we’re featuring a fair number of legislative updates. Between Québec, Argentina, California, and Indonesia, there has been a lot of movement on data privacy regulations across the globe.
When we think about data privacy, it’s easy to become fixated on the major jurisdictions, like the EU or California. But privacy is a universal concern, and data privacy will be an issue in any place with internet access.
For businesses, that can feel overwhelming. There are 195 countries worldwide, and over 80 currently have data privacy laws on the books; how can anybody be expected to adhere to all of these different laws? It’d be one thing if only large multinationals were subject to data privacy laws. But today, so many products and services are facilitated over the internet that it isn’t a stretch for a small business in the US to need to comply with a data privacy law from a country on the other side of the world.
Fortunately, we’re already seeing these laws converge to a degree, which will simplify compliance. Most data privacy laws are heavily inspired by the GDPR, after all. Eventually, there might be a global standard for data privacy. Until then and after, Osano will be there to make compliance possible.
Québec’s new personal information law goes into effect today
Law 25, a law regulating the use of personal information in Québec, was passed one year ago, but it comes into effect today. Many businesses are still uncertain about the law’s specifics. Follow the link to learn 5 common misconceptions about Law 25.
The California Privacy Protection Agency will announce CPRA rulemaking updates this Friday
The California Privacy Protection Agency (CPPA) will discuss the course of action associated with its current rulemaking process this Friday (September 23rd). The meeting will be held over Zoom and telephone. Follow the link below to find the Zoom link and conference code.
FTC joins push for rules on trade of smartphone location data
In response to growing privacy concerns over the trade of smartphone data, the Federal Trade Commission (FTC) is in the early stages of writing new privacy rules that would apply to data brokers. The increased scrutiny of smartphone location data and the role of data brokers in its sale has been a particular concern in the aftermath of the Supreme Court decision that invalidated Roe v. Wade. Regulators and privacy advocacy groups are concerned that smartphone data could be used to track whether individuals have visited abortion clinics.
US border forces are seizing Americans' phone data and storing it for 15 years
When a traveler’s device is searched at a border crossing, US Customs and Border Protection (CBP) agents may store that data for up to 15 years. CBP officials have stated that as many as 10,000 devices are searched in this way every year. These searches are legal so long as border officials have a reasonable suspicion that a traveler is breaking the law or threatening national security, but the broad collection and retention practices of the CBP have drawn criticism from privacy advocates and legislators.
Indonesia passes much-anticipated data privacy law
After a slew of data breaches, the Indonesian government has passed a data privacy law that had been deliberated over for more than a year. With this new bill, Indonesia has become the fifth country in Southeast Asia to have data privacy protection law on the books after Singapore, Malaysia, Thailand, and the Philippines.
Argentina plans updates to its 22-year-old data protection law
Argentina’s data protection authority has issued a draft bill that proposes to bring its 22-year-old data protection law more in line with the GDPR and other modern data protection regulations.
Governor Newsom signs first-in-nation bill protecting children’s online data and privacy
California Governor Gavin Newsom signed the California Age-Appropriate Design Code Act, which is aimed at protecting the well-being, data, and privacy of children using online platforms. The bill prohibits companies that provide online services, products, or features likely to be accessed by children from using a child’s personal information; collecting, selling, or retaining a child’s geolocation; profiling a child by default; and leading or encouraging children to provide personal information.
Osano blog: Your data privacy terminology cheat sheet
Find yourself frequently encountering obscure data privacy acronyms, terms, and niche definitions? You might benefit from bookmarking our glossary of data privacy terms.
Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.