Tryptophan Won’t Put the Privacy World to Sleep
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: September 23, 2024
Published: April 11, 2024
Hello all, and happy Thursday!
Right on the heels of IAPP’s Global Privacy Summit, U.S. lawmakers gave the privacy community a major surprise in the form of a newly proposed federal data privacy law.
The American Privacy Rights Act (APRA) derives a lot from its predecessor, the American Data Protection and Privacy Act (ADPPA). So much so, that the APRA may very well face the same challenges that eventually put a stop to the ADPPA.
You can read a summary of the law’s major features on our site here.
Nothing is certain at this point, and the APRA has a long road ahead of it before it becomes law—but if I were to hazard a guess, I would predict the APRA will undergo significant changes should it ultimately be enacted. As was the case with the ADPPA, preemption will be a major sticking point for representatives in states with stronger data privacy laws on the books, notably California. Will the APRA preempt the California Privacy Rights Act (CPRA)?
The Executive Director of the California Privacy Protection Agency (CPPA), Ashkan Soltani, certainly seems to feel the same way about the APRA’s preemption as he did about the ADPPA. According to the IAPP, Soltani said:
Americans shouldn't have to settle for a federal privacy law that limits states' ability to advance strong protection in response to rapid changes in technology and emerging threats in policy—particularly when Californians' fundamental rights are at stake. Congress should set a floor, not a ceiling.
California swings a lot of weight around in Congress, so it seems likely that the APRA will need to undergo changes that mollify Californian privacy stakeholders’ concerns. But as I’m sure many of you can attest to, compliance with the current patchwork of state laws is a confusing and difficult task. A single federal law would vastly simplify the work of data privacy compliance for U.S.-based companies.
So, what’s better: Imperfect but comprehensive data privacy protection, or strong but inconsistent data privacy protection? We’ll have to see where California, Congress, and other state legislators stand on this question before we can predict the APRA’s future with any kind of accuracy.
Best,
Arlo
The proposed American Privacy Rights Act (APRA), which was shared Sunday by U.S. Rep. Cathy McMorris Rodgers, R-Wash., and Sen. Maria Cantwell, D-Wash., would introduce a significant shift in how organizations collect, process, and share personal information and set a high bar for data minimization practices. McMorris Rodgers and Cantwell are respective chairs of the House and Senate committees. Each committee would need to approve the bill prior to any potential floor vote.
Maryland legislature has passed the Maryland Online Data Privacy Act, though the law still awaits the governor’s signature. The proposed law would be one of the toughest comprehensive privacy laws among states. If enacted, the bill will take effect 1 Oct. 2025.
The UK Information Commissioner’s Office (ICO) recently published its 2024-2025 priorities for protecting children’s personal data online. The strategy builds on the ICO Children’s Code, introduced in 2021, sets forth priority areas of improvement for social media and video-sharing platforms, and indicates how the ICO will continue to enforce and drive conformance with the Children’s Code.
Under the GDPR, businesses have to report personal data breaches to the local data protection authority. In France, that authority is the Commission Nationale de l'Informatique et des Libertés, or CNIL, which recently released a report analyzing five years of data breaches under the GDPR.
Data privacy is chock-full of acronyms, but few cause more confusion than “DPIAs” and “PIAs.” Learn the difference between these two assessment types in our blog.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.