.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
Remember that superhero squad of privacy regulators that the CPPA was building? “The Consortium of Privacy Regulators” might not have quite the same ring to it as “the Justice League” or “the Avengers” (and their costumes aren’t as cool either), but that hasn’t stopped them from investigating nefarious deeds—like failing to honor opt-out signals from the Global Privacy Control (GPC).
The California Privacy Protection Agency (CPPA) has announced that it, alongside regulators from Colorado and Connecticut, is investigating businesses’ compliance with GPC signals. In part, failing to honor GPC signals was why Sephora got hit with the first-ever CCPA fine a few years ago.
Scroll down to see our blog post on GPC signals if you need a refresher and to see the CPPA’s press release on their newly announced investigatory sweep.
Best,
Arlo
Highlights From Osano
New From Osano
Blog: How Long Do I Have to Respond to a DSAR?
Human beings are notoriously bad at planning for things. Psychologists call it (unsurprisingly) the “planning fallacy.” You know what makes it even harder to plan? Not knowing when the deadline is. This blog gives you all the deadlines associated with DSARs under different privacy laws.
In Case You Missed It...
Blog: Global Privacy Control (GPC) and Universal Opt-Out
Need a refresh on what the global privacy control (GPC) and other universal opt-out signals are? We’ve got you covered with this blog.
Events
Webinar: Why Should Marketers Give a %#$@ About Data Privacy?
You’ve got pipeline to generate, campaigns to run, and metrics to analyze (SO many metrics)—why should you give a %#$@ about data privacy? Find out in our webinar on September 18th. We'll even bribe woo you with games and prizes to boot.
Register today | September 18th, 1-2 PM EST
Meetup: AI, IRL: At Work
In our last meetup in our AI, IRL series, we talked about all the pitfalls and opportunities that AI brought to bear in our personal lives. Let’s raise the stakes and bring it into the office. How can you use AI safely and effectively in your daily workflows? What should you automate and what should you leave to the humans? Meet with Osano experts and your peers to discuss all there is about AI, IRL at work!
Register today | September 17th, 1-2 PM EST
Event: LogicON
Osano’s Chief Trust & Privacy Officer will be speaking at LogicON 2025! Listen to Rachael Ormiston cover everything you need to know about how to protect privacy in an AI-driven world, as well as all the other speakers’ insights into proving AI’s ROI, surviving AI regulatory overload, finding the human in the AI, and more.
Register today | October 14-16 | Columbus, OH
Top Privacy Stories of the Week
California Privacy Protection Agency (CPPA) Announces Multi-State Sweep of Global Privacy Control (GPC) Compliance
Partnering with regulators from Colorado and Connecticut, the CPPA has launched a multi-state investigation into businesses' compliance with privacy law, with a particular focus on whether businesses are honoring opt-outs from universal opt-out mechanisms like the Global Privacy Control (GPC).
Ex-Meta Employee Files Whistleblower Suit for Alleged Security Flaws at WhatsApp
An ex-Meta employee sued the social media company on Monday over allegations that its WhatsApp messaging service contained “systemic cybersecurity failures” that potentially compromised user privacy. Attaullah Baig, WhatsApp’s former head of security, alleged he “discovered that approximately 1,500 WhatsApp engineers had unrestricted access to user data, including sensitive personal information” and that the employees “could move or steal such data without detection or audit trail.”
Anthropic to Pay Authors $1.5 Billion to Settle Lawsuit Over Pirated Books Used to Train AI Chatbots
Artificial intelligence company Anthropic has agreed to pay $1.5 billion to settle a class-action lawsuit by book authors who say the company took pirated copies of their works to train its chatbot. The settlement works out to approximately $3,000 for each of the estimated 500,000 books covered by the settlement. “As best as we can tell, it’s the largest copyright recovery ever,” said Justin Nelson, a lawyer for the authors. “It is the first of its kind in the AI era.”
Cookies And Advertisements Inserted Between Emails: Google Fined €325M by the CNIL
The French data protection authority has fined Google €325M for displaying advertisements between Gmail users' emails without their consent and for placing cookies when creating Google accounts without valid consent of French users. The display of such advertisements without users’ consent violates the French Postal and Electronic Communications Code (CPCE), and the use of cookies without informed consent violates the GDPR.
Google Hit With $425 Million Jury Verdict in Privacy Trial
Google must pay $425.7 million in compensatory damages for violating the privacy rights of almost 100 million Google users who asked that their account data not be tracked, a jury decided recently. The eight-person jury found that Google deceived its users about a privacy switch in their account settings that would purportedly stop the company from collecting their data across third-party apps. Even if a user flipped the privacy switch, Google continued to save and copy their data in violation of California privacy law.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
đź“– The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
