In this article

Sign up for our newsletter

Share this article

Maybe you’ve seen the latest Osano news already: we’ve launched a new AI assistant trained specifically to handle privacy questions (and it’s just one piece of the AI-powered Osano puzzle).

We could have shipped this months ago. It’s easy enough to wrap a general-purpose model in a privacy-themed chat window, call it done, and put out a press release. Plenty of vendors have taken that shortcut with AI this year.

We spent the extra time instead.

The problem with general-purpose models is that they sound very confident, and they want to give you an answer you’ll like. A dangerous combo in privacy compliance.

Osano’s AI assistant is trained on and cites reputable legal sources, so you can always verify it’s accurate. We went a step further than that and actually had it take the CIPP/US practice exam, giving it questions and submitting responses verbatim. It passed. Check out the full story here.

Even with privacy-specific training, reputable sourcing, and passing the CIPP/US practice exam, we know responsible AI in the privacy context requires not just human oversight, but human expertise. So, for the questions that are high stakes or high complexity, you can escalate to a CIPP-certified member of the Osano team.

I’m really proud of what our team built, and I’m beyond excited for Osano users to put it through its paces.

Best,
Arlo

Highlights From Osano

New From Osano

Product Update: Why We Built an AI That Passed the Bar Exam of Privacy

Privacy questions have a way of landing on whoever happens to be nearby. Marketing managers, ops leads, HR pros–these professionals never planned on becoming a privacy expert. When they have to field a question that’s out of their wheelhouse, they reach for ChatGPT; and that’s dangerous. So, we built a privacy-trained AI tailor made to support Osano users' compliance.

Read more

Events

Opted Out. Still Tracked. The Marketing & Consent Webinar Series

A three-part series exploring the practically universal problem of marketing data trackers continuing to fire even after consumer opt outs. Learn why 79% of websites have broken opt-outs in part one, “Your Consent Banner Is Lying to You” on July 16; how to fix broken opt-outs in part two, “A Blueprint for Simple, Compliant Data Collection” on July 23, and see how it all comes together in part three, “A Real-World Audit of Consent Gone Wrong/Right” on July 30.

Register here



Top Privacy Stories of the Week

New Jersey Bans the Sale of Sensitive Data, Creates Data Broker Registry

New Jersey’s A5328 bans the sale of sensitive data—including health, geolocation, and biometric data—by any individual or entity, with penalties up to $50,000 per record. The law also creates a first-of-its-kind “data collector” registry category, sweeping in companies with direct consumer relationships that license data downstream to brokers, with registration fees reaching $1.5 million.

Read more

States Extract a Second 23andMe Settlement—This Time It’s the AGs’ Turn

A coalition of 42 state attorneys general, led by Connecticut’s William Tong, secured a $150 million settlement with 23andMe’s bankruptcy estate over the 2023 breach that exposed genetic data from 6.9 million people—on top of last week’s $46.75 million consumer class settlement. Non-monetary terms include mandatory security upgrades, risk assessments, and a binding commitment to honor deletion rights going forward.

Read more

FTC Fines Tenant-Screening Company RentGrow $2.25 Million Over Bad Data

The FTC fined tenant-screening company RentGrow $2.25 million for violating the FCRA, alleging duplicate criminal and eviction records inflated applicants’ files and that consumer disputes were sometimes dismissed without real review. The case is a reminder that data accuracy—not just data security—is squarely a privacy compliance issue.

Read more

EU Quietly Extends “Chat Control” Message-Scanning Regime to 2028

The European Parliament voted 314-276 against extending the EU’s “Chat Control” private-message-scanning regime—but fell 47 votes short of the absolute majority needed to actually kill it, so the measure rolls forward to April 2028 anyway. A companion amendment does wall off end-to-end encrypted services like WhatsApp, Signal, Proton, and Tuta from the scanning requirement entirely.

Read more

New Jersey’s “Kids Code” Act Awaits the Governor’s Signature

New Jersey’s legislature passed one of the country’s strongest “Kids Code” laws, requiring the highest privacy settings by default for minors, banning engagement-driven algorithmic feeds for kids, and creating a private right of action—all without requiring age verification. The bill now awaits Governor Sherrill’s signature.

Read more

Like What You See in the Privacy Insider newsletter?

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📱 The Osano Subreddit

Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!

đź“– The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page! 

Get a demo of Osano today
Share this article