Hello all, and happy Thursday!
Our headline story this week is one that you’re probably already aware of if you keep your finger on the pulse of the data privacy world: proposed EU data privacy reforms (known as the Digital Omnibus) have been leaked, and privacy advocates are feeling a bit grumpy about what the reforms propose.
The big caveat here is that the leaked documents are a draft—it’s almost a certainty that whatever actually gets enacted will differ significantly. The overall takeaway, however, is that these reforms appear to favor big tech companies and AI developers at the expense of individual privacy rights. They narrow the scope of what’s considered personal data, permit the use of the “legitimate interest” legal basis for AI training, reduce data subject rights, and more.
Check out none of your business’s (noyb’s) write-up on the proposed changes and why they’re concerned here.
Best,
Arlo
Social: The Osano Subreddit Is Open!
Join the Osano Subreddit to ask questions, discuss current privacy developments, chat about the Osano platform, and more!
Blog: 2026 CCPA Amendments: New Privacy Rules in California
2026 is right around the corner, and with it, new CCPA rules. With new requirements surrounding assessments, cybersecurity audits, sensitive personal information, and more, businesses have their hands full updating their privacy programs for 2026 compliance. Check out our blog to learn all about the new changes.
Cutting down on the alphabet soup in the privacy world, the CPPA has rebranded its consumer-facing administration to CalPrivacy. In support of its more consumer-friendly approach to privacy, CalPrivacy announced the rebrand along with tips and resources for consumers to protect their privacy.
A draft of the European Commission’s proposed “Digital Omnibus,” which would merge and simplify the GDPR, AI Act, ePrivacy Directive, and similar digital regulations, has been leaked. The draft isn’t official and is only a draft, but it’s already drawing criticism from privacy advocates for watering down privacy protections in the EU.
The new CCPA amendments represent a sea change in U.S. privacy regulation in several respects. Perhaps most notably, the regulations impose a variety of obligations for businesses to designate certain individuals who are responsible for the business’s privacy, artificial intelligence, and cybersecurity practices. Find out what these new individual obligations and liabilities are here.
The Attorneys General of Connecticut, California, and New York recently reached a $5.1 million settlement with Illuminate Education for failing to implement proper security measures to protect the data of students that it was holding. What should companies that provide services to school districts or otherwise process the personal information of students know about this development?
Makers of government spyware claim their surveillance technology is intended to be used only against serious criminals and terrorists and only in limited cases. However, evidence gathered from dozens, if not hundreds, of documented instances of spyware abuse all over the world shows that neither of those arguments is true.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!