Hello all, and happy Thursday!
Meta is spinning up AI training on EU residents’ data once more after being asked to pause training by the Irish data protection authority last year.
In a blog post, Meta claimed that the European Data Protection Board (EDPB) “affirmed that our original approach met our legal obligations.” But it’ll be interesting to see exactly how an AI trained on EU residents’ data could meet Meta’s legal obligations in the EU.
Technologies for erasing personal data from AI models like ChatGPT or Meta's AI are still in the academic phase. How will EU residents exercise their right to be forgotten? Or if/when Meta’s AI hallucinates details about an EU resident, how will they request the correction of that data?
We’ve already seen other AI models struggle with meeting these requirements. ChatGPT, for example, hallucinated that a Norwegian man murdered his family! The chatbot mixed real, personally identifying information in with the fabricated story, violating the GDPR’s requirement that personal information be accurate.
It’s possible to play whack-a-mole with hallucinations like these and restrict responses known to include false information, but AI models don’t yet have an on/off switch for hallucinations writ large. At a fundamental level, can AI models as they exist today comply with EU law?
Best,
Arlo
Highlights from Osano
What's New From Osano
Blog: AI Risk Management Frameworks to Manage Risks in Artificial Intelligence Systems
AI—it's everyone’s favorite, shiny new toy, but it doesn’t come without risk. Find out how to identify, minimize, and mitigate AI risk in our blog.
In Case You Missed It...
On-Demand: The Privacy Pro Survival Summit
Miss our recent summit? No worries—you can watch the session recordings on demand. If you registered but couldn’t attend, you can access the recordings via your registration email. If you never had the chance to register, use the link below to access the summit recordings.
Podcast: Compliance Is Good Business: Getting Beyond Fines with Tom Fox of Compliance Podcast Network
AI and shifting regulations are dominating headlines, but a bigger transformation is happening in compliance—and businesses that fail to adapt will be left behind. Tom Fox, founder of Compliance Podcast Network, talks to Arlo Gilbert about this shift.
Upcoming Webinars and Events...
The Reluctant Privacy Pro: Shortcuts and Tips for Marketing, Security, IT & More
If you are in marketing, IT, HR, or any other function that handles personal or sensitive data, you may find yourself managing data privacy on top of your regular duties. How can you do right by data privacy, reserve the time and energy for your core work, and do it all without losing your mind? Find out how in our upcoming webinar.
Save Your Seat | May 15th
Join Us at Global Privacy Summit 2025!
Going to IAPP’s Global Privacy Summit (GPS)? So are we! Swing by booth #13 to say hi.
Book Time With Us | April 22nd to 24th
Top Privacy Stories of the Week
Irish Data Protection Commission Announces Inquiry Into X
Ireland’s data protection watchdog announced it will investigate X’s (formerly Twitter’s) processing of personal data comprised in publicly accessible posts made by EU/EEA users, for the purposes of training generative artificial intelligence models, in particular the Grok Large Language Models (LLMs).
NIST Updates Privacy Framework, Tying It to Recent Cybersecurity Guidelines
The National Institute of Standards and Technology (NIST) has published a draft update to the NIST Privacy Framework, aimed at making it compatible with the agency’s Cybersecurity Framework, which received its own update last year. Targeted changes to content and structure respond to stakeholder needs and make the document easier to use. NIST is soliciting feedback on the draft until June 13, 2025.
DOJ Releases FAQs and Compliance Guidance for Final Rule Restricting Flow of Bulk Sensitive Personal Data to China and Other Countries of Concern
Earlier this month, the Department of Justice (DOJ) released additional detail regarding the final rule implementing former President Biden’s executive order limiting the transfer of bulk data to certain countries. The release included additional guidance, frequently asked questions, and an enforcement policy for the first 90 days. Much of the material re-articulated language in the rule, but the release did include some notable new information for organizations assessing their compliance.
Businesses Get Big Privacy Win in Tester Plaintiffs’ Wiretapping Case: 3 Key Takeaways
A California federal court just held that a “tester” plaintiff—someone who visits websites for purposes of initiating litigation—cannot bring a claim under the California Invasion of Privacy Act (CIPA). The recent decision not only provides a defense for businesses facing lawsuits by tester plaintiffs but also bolsters another unrelated defense: setting privacy expectations with consumers.
Meta Says It Will Resume AI Training with Public Content from European Users
Recently, Meta said that it will start using publicly available content from European users to train its artificial intelligence models, resuming work put on hold last year after activists raised concerns about data privacy. Meta noted that a panel of EU privacy regulators in December “affirmed” that its original approach met legal obligations.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!

Arlo Gilbert
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce; he has testified before Congress on technology issues and is a frequent speaker on data privacy rights.