Another Privacy Law is Online!
Hello all, and happy Thursday!
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: January 5, 2023
Hello all, and happy new year! Privacy Insider is back and running after our holiday hiatus. Although we may have been on a break, the world of data privacy didn’t see fit to pause for the holidays.
Plenty happened over the course of the previous few weeks—namely, plenty of end-of-year fines and penalties. Take a look at our newsletter below to see who got dinged for data privacy violations over the holidays as well as other data privacy developments and news.
And for those of you who came to this newsletter looking for CPRA guidance now that January 1st has come and gone, just scroll down to access our CPRA Survival Kit. In the coming weeks and months, as the CPRA and other 2023 laws come into force, we’ll be sure to continue to serve up actionable resources to help you maintain compliance.
Best,
Arlo
Cyber attacks set to become ‘uninsurable’, says Zurich chief
Mario Greco, chief executive of one of Europe’s biggest insurance companies, warned that cyber attacks may become uninsurable. As ransomware and other cyberattacks continue to rise and payments to resolve those incidents spirals higher, insurers may struggle to develop adequate policies for both insurers and insureds.
Read more
Twitter faces data-protection probe after '400 million' user details up for sale
A hacker operating under the pseudonym "Ryushi" is demanding $200,000 (£166,000) to delete data associated with 400 million user accounts. As a response to the leak, Irish data protection authorities have launched a probe into Twitter’s compliance data protection laws in relation to the incident.
Read more
Draft adequacy decision on EU-U.S. Data Privacy Framework published by the European Commission
The European Commission has published its draft adequacy decision on the new EU-U.S. Data Privacy Framework, essentially affirming that the framework provides a comparable level of safeguards for data subjects as the GDPR. As a next step, the European Data Protection Board will perform its own assessment and publish its opinion.
Read more
Epic Games to pay $520 million over FTC claims of children’s privacy violations
Epic Games, the publisher of the popular video game Fortnite, has settled an FTC lawsuit by paying $520 million. The FTC alleged that Epic Games unlawfully collected personal information and illegally used digital dark patterns to bill Fortnite users for unintentional in-game purchases. This included saving and using credit card information without parental consent, making it difficult for parents to review in-game purchases, alternating the buttons for previewing and purchasing an item to encourage mistaken purchases, and more.
Read more
New draft regulations for Colorado’s privacy law
The Colorado Attorney General has released a second set of draft regulations on the Colorado Data Privacy Act, which goes into effect July 1 of 2023. The draft regulations make updates related to the definitions of employee, employment records, and biometric identifiers, among other terms; notice requirements; universal opt-out mechanisms; security measures; consent; and data protection assessment requirements.
Read more
Meta agrees to pay $725 million to settle privacy lawsuit
After improperly disclosing the personal information of 87 million users in the Cambridge Analytica scandal, Meta has agreed to settle a class-action lawsuit with a $725 million payment. The settlement follows on the heels of a $5 billion payment made to the FTC over the same scandal as well as a $100 million payment to the SEC.
Read more
Irish data protection authorities levy a $400 million fine against Meta
After a European Court found that Meta’s legal justification for personalized ads was not valid, Irish data protection authorities have enforced that decision with a $400 million penalty and an order to identify a different legal basis. Previously, Meta argued that users consented to personalized advertising by reviewing their terms and conditions, an approach which European authorities have invalidated.
Read more
Meta paid over 80% of the EU’s 2022 GDPR fines
Of the €832,000 in fines levied out by European data protection authorities for GDPR violations in 2022, Meta paid more than 80%. This figure comes from a recent analysis by Atlas VPN on the GDPR enforcement in 2022. In total, Meta has paid over a billion euros in GDPR fines over the years.
Read more
Osano’s CPRA survival kit
2023 is here and with it, the CPRA. Since you’re subscribed to this newsletter, you’ve surely heard us ring the alarm bells about getting prepared for the CPRA—right?! If CPRA compliance at your organization is still a work in progress, don’t panic. We’ve gathered all of our most actionable CPRA-related resources on one page. Consider bookmarking it to review at your leisure.
Review the survival kit
Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.