Hello all, and happy Thursday!
Itâs not news that data privacy regulations are global phenomena now. So, it should come as no surprise that data privacy enforcement is global, too.
The Global Privacy Enforcement Network (GPEN) recently announced its annual sweep of businessesâ privacy compliance. Each year, the sweep focuses on a particular theme. This year, that theme is childrenâs data.
Federal and state regulators in the US, EU data protection authorities, the UK Information Commissionerâs Office, and dozens of other GPEN regulators will be examining websites and mobile apps that are accessed by children or cater to them.
Childrenâs data has always been a lightning rod in the privacy world, but it seems to be getting even more attention lately. Of course, some of that attention is an excuse to undermine privacy protections in the name of safety, but a great deal of it is bona fide.
If your website or app handles childrenâs data, then the best time to bone up on privacy compliance was six months ago; the second-best time is now.
Best,
Arlo
P.S. Next week is Thanksgiving! As such, the Osano team will be taking the day off to celebrate with friends and family. We'll send out the next issue of the Privacy Insider newsletter in December!
Social: The Osano Subreddit Is Open!
Join the Osano Subreddit to ask questions, discuss current privacy developments, chat about the Osano platform, and more!
As governments and businesses reduce digital privacy protections, VPNs have entered the legislative crosshairs. These secure tunnels route web traffic to and from devices via third-party servers. Their use is now surging, driven largely by porn bans and age verification checks, where users can pretend to be in different countries to skirt around new laws and internet policing. As a result, legislators are now considering proposals to ban the use of VPNs.
The US District Court for the Northern District of California dismissed a putative nationwide class action filed by three residents of North Carolina and Oklahoma against California-based Samba TV, Inc. The suit claimed violations of the California Invasion of Privacy Act (CIPA), the Comprehensive Computer Data Access and Fraud Act (CDAFA), and the federal Video Privacy Protection Act (VPPA). The judge dismissed the case on the basis that CIPA and CDAFA only apply to Californians and that the VPPA did not apply to Samba TV.
The Indian government is planning to shorten the timeline for compliance with the Digital Personal Data Protection Act (DPDPA) from the current 12 to 18 months and will soon issue an amendment to that end.
The California Privacy Protection Agency (CPPA) is signaling a significant shift in how it plans to enforce the California Consumer Privacy Act (CCPA). Recently, the CPPA Board advanced several legislative proposals for the 2026 legislative session, with a comprehensive whistleblower program emerging as one of its top priorities.
Recently, the Global Privacy Enforcement Network (GPEN)âa global network of over 30 national data protection authoritiesâannounced the launch of its annual privacy sweep. The purpose of the sweep is to examine how websites and mobile applications commonly used by children handle minorsâ personal information and will include regulators like the FTC, CPPA, as well as UK and EU data protection authorities.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If youâre interested in working at Osano, check out our Careers page!