Tryptophan Won’t Put the Privacy World to Sleep
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: May 11, 2023
Hello all, and happy Thursday!
You may have heard that ChatGPT is back online in Italy after implementing a few minor privacy controls to address data protection authorities' immediate concerns over GDPR violations. However, the odds are good that ChatGPT will face additional data privacy challenges under the GDPR. But these challenges aren't unique to ChatGPT, OpenAI, and the GDPR; pretty much any large language model (LLM) will butt heads with any data privacy regulation.
LLMs are trained on massive databases of textual information, which could include the text of Shakespeare, internet forum comments, or your personal information. It isn't feasible to manually sift through the entire corpus for personal information and ask for every data subject's consent, and it's dubious whether a business could secure another legal basis for processing that information under the GDPR.
Finding personal information within the massive datasets used to train AI is another issue. How will data subjects request their personal information be deleted?
Lastly, LLMs need to retain data indefinitely so that they can continuously refine and improve. That doesn't exactly mesh with the GDPR's data minimization and retention principles.
The EU has been working on an AI regulation to contend with the unique challenges posed by AI, but ChatGPT's explosion in popularity threw a wrench in the gears. It became clear the proposed AI Act lacked the ability to effectively regulate LLMs, "foundation models," and "General Purpose AI Systems (GPAIs)." However, the AI Act is still a few years off; until then, AI businesses will need to figure out a way to live alongside data privacy regulations like the GDPR.
Best,
Arlo
Twitter Breaks Its Silence on Bug that Showed Private Tweets to a Wider Audience
A bug related to Twitter’s Circle feature, which allows closed groups of contacts to tweet with one another, revealed private tweets outside of Twitter Circles. According to an email from Twitter, the bug has been fixed.
Court Dismisses FTC’s Suit Against Kochava… for Now
Kochava—a data broker accused of selling location data that could be used to track individuals traveling to and from sensitive locations like healthcare clinics and domestic violence shelters—has successfully beat an FTC lawsuit. A federal judge dismissed the case, stating, that “the FTC has not adequately alleged a likelihood of substantial consumer injury.”
Pornhub Blocks Utah Users Ahead of Age Verification Law
In response to a Utah law requiring pornographic companies to verify the age of users through a "digitised verification card,” Pornhub has opted to disable access to Utah residents. Instead, Utah residents visiting the website are greeted with a message arguing that the law puts their privacy at risk.
How to Ask OpenAI for Your Personal Data to Be Deleted or Not Used to Train Its AIs
In order to comply with the GDPR, OpenAI has given EU users controls over whether or not their personal data is used to train ChatGPT and other AI technologies. While the new controls bring the company closer to compliance with local data privacy regulations, much remains to address the privacy issues of AI in general and ChatGPT specifically.
Indiana Governor Signs a Comprehensive Privacy Act into Law
Right on the heels of Iowa, Indiana has become the seventh U.S. state to pass a comprehensive privacy law. While much of the law mirrors what other states have done in regard to data privacy, there are some significant departures.
OpenAI’s Regulatory Troubles Are Only Just Beginning
On April 28th, ChatGPT resumed service in Italy after making minor adjustments to address GDPR concerns. However, more rigorous investigations by other data protection authorities are underway, and the EU is developing a law specifically designed to regulate AI, too.
CJEU Rules on GDPR Compensation
The Court of Justice of the EU has ruled that mere infringement of the GDPR does not give rise to a right to compensation. Instead, an EU citizen is only entitled to compensation if the violation meets three conditions: infringement of the GDPR, material or non-material damage resulting from that infringement, and a causal link between the damage and the infringement.
The IAPP Launches Its New AI Governance Center
The International Association of Privacy Professionals (IAPP) has launched a new AI Governance Center, whose purpose is to “provide privacy and AI governance professionals with the content, resources, networking, training and certification needed to respond to the complex risks in the AI field.”
Osano Blog: What is the Global Privacy Control (GPC)?
To comply with the CPRA and other privacy laws, businesses have to accept consent preference signals from authorized third parties—not just through their consent banners. It can be tricky to understand what these universal consent preference signals are all about. In this blog, we dive into the most well-known of these signals: The Global Privacy Control, or GPC.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.