.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
Yesterday, Australia banned under-16-year-olds from accessing social media platforms.
I’m not going to argue whether or not this is a good idea (though admittedly, our children's brains evolved to develop in the African savannah, not on TikTok). What interests me specifically is how the ban is going to be implemented.
The law leaves age verification up to the social media platform. That means there will be a plethora of different approaches to age verification–some of which will adhere to higher or lower standards of privacy protection. Social media platforms have already indicated that they will be collecting biometric data from selfies and behavioral data to build a profile of users to estimate their age, among other methods.
An arguably better approach is what California has chosen to do. Its Digital Age Assurance Act requires OS and app store developers to ask users to indicate their age during account creation. Then, that indicated age serves as the source of truth for downstream app developers when asking for age verification. Less data collection and proliferation, no need for biometrics or ID photos, and, in theory, fewer privacy risks.
Best,
Arlo
P.S. Keep an eye out for the upcoming episode of the Privacy Insider Podcast, where I talk with Data Protection Commissioner Brent Homan about (among other topics) approaches to protecting children online.
Highlights From Osano
In Case You Missed It...
Blog: Top 10 EU Data Privacy Changes in the Digital Omnibus Proposal
The EU Commission’s proposed changes to the GDPR, AI Act, ePrivacy Directive, and other EU digital regulations would mark a sea change in privacy regulation. It’s not law yet–but if it is enacted, what should you be aware of?
Webinar: Untangling 2026 Privacy: New Laws, Amendments, Enforcement, and More
2025 was confusing enough–between the flurry of amendments, enforcement, and brand new privacy laws, 2026 threatens to be even more complicated for businesses trying to stay on the right side of compliance. In our upcoming webinar, legal and privacy experts break down exactly what you need to know to get through 2026 without being tied into knots over privacy.
Save your seat | January 15th, 1 pm EST
Top Privacy Stories of the Week
‘Pay or Okay’ Study: Users Prefer a Tracking-Free Third Option
Having to pay a fee or agree to being tracked for targeted advertising is a choice that many online users have to make these days. Over the last few years, news media websites, Facebook, Instagram, and many others have started to use such a Pay or Okay system. Privacy advocacy group none of your business (“noyb”) commissioned a study on Pay or Okay systems, finding that most users prefer free access with generalized advertising over targeted advertising or paid ad-free options.
Cookies: American Express Fined €1.5 million by the French Data Protection Authority
In January 2023, the CNIL (France’s data protection authority) carried out several investigations of American Express’s French website and the company's premises. Based on its findings, the CNIL found that American Express had failed to comply with cookie consent rules and imposed a fine of €1.5 million.
2026 Updates to State Consumer Privacy Disclosures
What changes do the new laws coming into effect in 2026 require for your privacy disclosures? Morrison Foerster provides a brief summary here.
Australia Begins Enforcing World-First Teen Social Media Ban
Recently, Australia became the first country to ban social media for children under 16, blocking access in a move welcomed by many parents and child advocates but criticised by major technology companies and free-speech advocates. Enforcing the ban will also require various age identification methods, many of which may involve data collection.
The Electronic Frontier Foundation: The UK Has It Wrong on Digital ID. Here’s Why.
In late September, the United Kingdom’s Prime Minister Keir Starmer announced his government’s plans to introduce a new digital ID scheme that will provide information like people’s name, date of birth, nationality, or residency status, and photo to verify their right to live and work in the country. The Electronic Frontier Foundation (EFF) lays out why it believes this system is fundamentally incompatible with a privacy-protecting and human rights-defending democracy.
Like what you see in the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📱 The Osano Subreddit
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
