Will Google Be Dismantled?
Hello all, and happy Thursday!
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: October 20, 2022
Happy Thursday everybody. I don’t know about you, but when I read that Alexa users are suing Amazon over its alleged collection of Alexa voice data, I thought: yeah, that’s no surprise.
Amazon has always been clear that if you make a purchase through Alexa, then that purchase data will be used to inform which ads it will show you. However, the lawsuit seems to suggest that Alexa is collecting and analyzing voice data from all interactions, not just purchases, and distributing that to ad tech vendors. Amazon stated that “In their complaint, plaintiffs conspicuously never allege facts showing that Amazon uses Alexa recordings to serve interest-based ads (because they have no good-faith basis for that allegation.”
This isn’t the first time that Amazon has been accused of eavesdropping through Alexa devices. In fact, a report from earlier this year by researchers affiliated with the University of Washington, UC Davis, UC Irvine, and Northeastern University concluded that Amazon does indeed collect voice data from interactions, much like this lawsuit alleges.
The researchers found that Amazon collected data through Alexa smart speakers and shared it with as many as 41 advertising partners, a practice that would be inconsistent with its privacy policy. Amazon denied the report’s findings and insisted, again, that only purchase-related data was used for targeted advertising purposes.
There simply isn’t a great deal of transparency over how these devices collect, handle, and disseminate user data. For companies with less-than-perfect data privacy track records, asking customers to trust their smart speakers and other internet-of-things (IoT) devices might be asking too much. Total transparency could be key to winning this trust, but it could also reduce these companies’ competitive advantage. So long as the tension between transparency and competitive advantage exists, it seems unlikely that consumers will ever gain widespread trust in IoT devices.
Best,
Arlo
P.S. If you own an Alexa yourself, don’t forget to check out your Alexa privacy settings. If you use third-party skills, you’ll have to go to the developers’ website to manage your preferences from there.
FTC extends comment period for potential rules regulating commercial surveillance
The Federal Trade Commission (FTC) announced a one-month extension for the public to submit comments on commercial surveillance and lax data security practices. The current deadline for comment submission is now November 21. The purpose of the FTC’s comment-seeking period (known as an Advanced Notice of Proposed Rulemaking, or ANPR) is to explore the harm caused by commercial surveillance and determine whether the FTC should issue new rules regulating these practices.
“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” said FTC Chair Lina M. Khan in the initial ANPC announcement. “The growing digitization of our economy—coupled with business models that can incentivize endless hoovering up of sensitive user data and a vast expansion of how this data is used—means that potentially unlawful practices may be prevalent.”
Read more
David Flaherty’s influence, death marks ‘chapter in modern privacy law’
Former Information and Privacy Commissioner David Flaherty passed away on October 11th, 2022. Flaherty pioneered the study of privacy law and served as British Columbia’s first Information and Privacy Commissioner.
Read more
Alexa users claim Amazon is using voice recordings to target ads
Alexa users are suing Amazon, claiming that the voice assistant product is targeting users with ads based on their recorded conversations. The plaintiffs allege that Amazon used “Alexa-collected voice data” for ad targeting, violating user privacy and engaging in misleading and unfair conduct.
Read more
CPPA publishes first modifications of CPRA draft regulations
The California Privacy Protection Agency (CPPA) released updated California Privacy Rights Act draft regulations, marking the first updates to the initial draft rules released on May 31st. These rules cover select topics under the CPRA, including personal data collection and use restrictions, mandatory user opt-out signal acknowledgment, and privacy notice requirements.
Read more
Third Circuit: Risk of future harm from data breaches grounds for Article III standing
The U.S. Court of Appeals for the Third Circuit recently held in the Clemens v. ExecuPharm Inc. case that data breaches exposing an individual’s personal data create enough increased risk for that individual that they meet what’s called “Article III standing.” In essence, Article III standing means that an individual may bring a lawsuit in federal court, as opposed to lower court systems. The finding has implications for the number of legal risk businesses face following a data breach.
Read more
New kids’ privacy app teaches digital privacy while blocking trackers
The Do Not Track Kids app from the security firm Disconnect blocks trackers across the device it’s installed upon while simultaneously teaching kids about privacy through comic-book-style explainers. Collecting data on children violates COPPA, the Children’s Online Privacy Protection Act, but the law features significant loopholes that permit data collection regardless. One estimate found that digital ad firms collect 72 million data points about children before the age of 13, the age at which data collection first becomes legal.
Read more
Checklist: Set up a scalable, repeatable DSAR process
More and more data privacy laws come online every year, and consumers are becoming increasingly aware of their rights—that’s why it’s essential to develop a data subject access request (DSAR) workflow that keeps you compliant at scale.
Follow Osano’s checklist to set up a scalable DSAR process to avoid noncompliance and minimize interruptions to your workday.
Download the checklist
Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.