Hello all, and happy Thursday!
I’ll be honest: Some weeks, figuring out what to write about in these newsletter intros is a real challenge. Other weeks, there’s an embarrassment of privacy news to unpack. This is one of the latter weeks.
Let’s start with California, which secured a $12.75 million settlement against General Motors (the largest CCPA penalty in the state's history) over allegations that GM sold precise location and driving data from hundreds of thousands of drivers to data brokers without their knowledge or consent.
Days later, Texas Attorney General Ken Paxton filed suit against Netflix, alleging the platform secretly tracked users' viewing habits, device data, and behavioral patterns and shared that information with ad-tech platforms and data brokers like Experian. (If you've ever wondered why your credit score took a hit after binging Bling Empire, well—maybe don't wonder too hard.)
The connecting thread is the data broker pipeline. In both cases, personal data collected in one context—your car, your couch—ended up in the hands of data brokers. You never asked to interact with them, you never bought a product or service from them, and you never consented to giving them your data.
There’s nothing inherently wrong with being a data broker. But buying and selling personal data without giving the data subject visibility and control over what happens to their information is another story.
Best,
Arlo
Highlights From Osano
Events
Webinar: The Missing Ingredient in Most First-/Zero-Party Data Strategies? Effective Consent Management.
With the future of third-party data trackers looking increasingly uncertain, savvy marketers are investing in first- and zero-party data strategies. They’re optimizing every aspect of their strategies, except for one: collecting and managing consent. In this webinar, Osano experts provide guidance for marketers looking to solve the consent management aspect of their data strategy.
Register | TODAY, 1 PM EST
Top Privacy Stories of the Week
General Motors Settles CCPA Violations with California AG for $12.75 Million
California Attorney General Rob Bonta, CalPrivacy, and several California District Attorneys recently announced a settlement with General Motors (GM) regarding its illegal sale of hundreds of thousands of Californians’ location and driving data to two data brokers in violation of the California Consumer Privacy Act (CCPA) and California’s Unfair Competition Law. The settlement, which is subject to court approval, includes $12.75 million in civil penalties and strong injunctive terms, including restrictions on its use of consumer driving data and a ban on such data being sold to data brokers.
Netflix Sued by Texas for Allegedly Spying on Children, Addicting Users
Texas Attorney General Ken Paxton has sued Netflix, accusing the streaming company of spying on children and other consumers by collecting their data without consent, and designing its platform to be addictive. Though some of the suit’s allegations hinge on the collection of behavioral data shared with data brokers and ad-tech, it was filed under the Texas Deceptive Trade Practices Act (TDTPA) rather than Texas’s comprehensive data privacy law.
US Govt Seeks Instructure Testimony on Massive Canvas Cyberattack
The US House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company’s Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. In a recent letter sent to Instructure CEO Steve Daly, Homeland Security Committee Chairman Andrew R. Garbarino said the committee is investigating the massive breach at Instructure that impacts millions of students.
TikTok Rolls Out ‘Pay or Okay’ Model in UK
TikTok is preparing to roll out a paid, ad-free version of its app in the UK. The new subscription announced today will be available to users over 18 “over the coming months,” according to TikTok’s announcement, and will cost £3.99 (about $5.40) per month. In exchange for that, TikTok will remove ads from the user’s feed and promises not to use their data for undefined “advertising purposes.”
EU Calls VPNs a ‘Loophole’ that ‘Needs Closing’ in Age Verification Laws
Earlier this year, the European Union introduced an application meant to verify the age and identity of citizens accessing the internet as part of an effort to keep underage users off social media. Turns out there’s a slight crack in that otherwise fool-proof approach to verification: VPNs. Now it appears the bloc of nations wants to patch up that hole.
Arlo Gilbert
Arlo Gilbert is the CIO & co-founder of Osano. A native of Austin, Texas, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005, Arlo invented voice commerce; he has testified before Congress on technology issues and is a frequent speaker on data privacy rights.
