California Remains a Privacy Bellwether
Hello all, and happy Thursday!Read Now
August 31, 2023
Hello all, and happy Thursday!
One of the more influential data privacy laws in the world (or at least data privacy-adjacent) just reached an important milestone; the EU’s Digital Services Act (DSA) is now in effect for "very large online platforms" and "very large online search engines."
In essence, this means the Googles and Metas of the world must moderate hate speech and disinformation on their respective platforms. While the DSA is primarily concerned with combating harmful content, it enters the privacy sphere in that it also requires VLOPs and VLOSEs (i.e., very large online platforms/search engines) to provide options for recommended content that does not rely on user profiling, to be transparent around digital advertising, and generally protect consumer rights.
The DSA’s got teeth, too—businesses risk being fined up to 6% of their total worldwide annual turnover.
That being said, enforcement is a bit of a head-scratcher. The level of effort that it would take to moderate harmful content online seems enormous. And moderating harmful content requires a clear consensus on what content is considered harmful. What happens when VLOPs and VLOSEs’ idea of harmful content doesn’t match with what the regulators’ ideas of harmful content are?
Well, the developers of the DSA considered this issue.
The act addresses this concern by relying on “trusted flaggers”—entities with experience around identifying harmful content, most likely non-government organizations and advocacy groups. Still, it seems like content moderation on this scale will be messy.
Watching this law and its enforcement in the next few years and months will be illuminating, both because smaller organizations will gradually become subject to the DSA as time goes on and because this regulatory approach to internet content moderation has never been tried before.
The Office of the Australian Information Commissioner (OAIC) and 11 other international data privacy protection organizations have issued a joint statement on the rise in the use of data scraping technologies to collect personal information from social media accounts. Among other subjects, the statement discusses the responsibilities of social media companies, how publicaly available personal information is still subject to regulation, how to protect your own data, and more.
India’s Digital Personal Data Protection Act, 2023 (DPDP Act) was enacted on August 11. Learn about how the law treats digital personal data, what requirements data controllers face, what rights the law provides, and more here.
All data breaches are data incidents, but not all data incidents are data breaches. This article dives into the difference between the two and provides key, actionable information organizations can take into account to prevent an incident from evolving into a full-blown breach.
As of August 25th, the EU Digital Services Act regulations governing the obligations of "very large online platforms" and "very large online search engines" are in effect. As a result Facebook, Amazon and other large tech companies must curb hate speech, propaganda and other harmful content.
Software development kits, or SDKs, are widely used to accelerate software development, but they often contain data collection and transmission through tracking technologies—sometimes without the developers’ knowledge.
Cookie notices can feel like an unnecessary intrusion into an otherwise-peaceful web browsing experience, but they’re absolutely essential to the user experience. Find out why, what’s required in a cookie notice, and what major regulations have to say about cookie notices in this blog.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.