Platform
- The Osano Platform Overview
  
  Get an overview of the simple, all-in-one data privacy platform
- Features & Integrations
  
  Key Features & Integrations
Solutions
- By Regulation
- CPRA
  
  Discover how Osano supports CPRA compliance
- CCPA
  
  Learn about the CCPA and how Osano can help
- GDPR
  
  Achieve compliance with one of the world’s most comprehensive data privacy laws
- By Role
- For Non-Privacy Experts
  
  Simple and robust compliance for marketers, IT, product, developers, and more
- For Legal & Compliance
  
  Bridge the gap from regulatory knowledge to privacy operations with smart automation
- For GRC, Risk & Security
  
  Manage the full spectrum of risk—privacy included
- By Use Case
- Consent Management
  
  Manage consent without the complexity
- DSAR Automation
  
  Never miss a DSAR deadline again
- Privacy Program Management
  
  Build and grow an end-to-end privacy program
- Vendor Risk Management
  
  Regain insight and control over your customers’ data
Resources
- Resources
  
  Key resources on all things data privacy
- Articles
  
  Expert insights on all things privacy
- Resource Center
  
  Key resources to further your data privacy education
- Customer Stories
  
  Meet some of the 5,000+ leaders using Osano to transform their privacy programs
- U.S. Data Privacy Laws
  
  A guide to data privacy in the U.S.
- Product Updates
  
  What's the latest from Osano?
- Become a Privacy Insider
  
  Data privacy is complex but you're not alone
- The Newsletter
  
  Join our weekly newsletter with over 35,000 subscribers
- The Podcast
  
  Global experts share insights and compelling personal stories about the critical importance of data privacy
- The Book
  
  Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
- Events
  
  Upcoming webinars and in-person events designed for privacy professionals
Latest Blog post

Can AI Models Comply with EU Law at All?

Hello all, and happy Thursday!
Read Now
Company
- About Us
  
  The Osano story
- Careers
  
  Become an Osanian and help us build the future of privacy!
- Contact
  
  We’re eager to hear from you
- Our Pledge
  
  No fines, no penalties
- Data Licensing
  
  Add Osano data privacy ratings and recommendations to your application
- Osano Swag Store
  
  Increase Trust. Stay Compliant. Get Cool Swag.
- Press & Media
  
  Inquiries and Osano in the news
- Partners & Resellers
  
  Interested in partnering with us?
Plans
Sign In Book a Demo

Privacy Insider newsletter: Feb 16, 2021

Osano Staff

Published: February 16, 2021

Sign up for our newsletter

While no major breaches were disclosed or news-making settlements made, the past week still produced some big privacy news.

First, the EU Commission plans to deem the U.K. an "adequate" third country, meaning data can continue to flow across borders despite its exit from the EU.

Under the EU General Data Protection Regulation (GDPR), companies may transfer data outside of the EU only under certain conditions. The European Commission must deem the home country's data protection rules are comparable to that of the EU.

It's a critical development for companies that transfer data from the EU to the U.K.

EU Vice-President for Values and Transparency Vera Jourova said the U.K. had a leg up on countries outside of the European Economic Area with fundamentally different legal frameworks. The U.K. passed its Data Protection Act in 2018. That law implemented the GDPR into the U.K.'s legal system.

But the Commission's decision to declare the U.K. adequate doesn't mean it's safe forever. The agreement will be reviewed every few years.

Second, the European Data Protection Supervisor (EDPS) has called for planned law reforms to include a ban on targeted advertising.

Let me just say that again: The EDPS wants to ban all targeted advertising.

The EU Commission is working on the Digital Services Act and the Digital Markets Act. The EDPS wants EU lawmakers to consider including the ban to ensure the "fair processing of personal data."

It's a call to action that should send shivers down the online advertising industry's back. For years, the industry has been fighting privacy advocates, claiming its practices are legal under the EU General Data Protection Regulation. Advocates claim the adtech ecosystem is the Wild Wild West. They say online advertising transactions between bidders and buyers expose a tremendous amount of personal data given the various supply chain players. Consumers aren't privy to those transactions and have not given consent.

It's unclear whether the EDPS, Wojciech Wiewiórowski, has significant backing here. If his request gains traction, we can expect a battle royale. The adtech industry is not known for being shy. It will surely get out the proverbial pitchforks before it allows any government to shut its lucrative practices.

Enjoy reading, and we'll see you next week!

EU to allow UK data flows post-Brexit

The European Commission will allow data to continue flowing to the U.K. despite its exit from the European Union, Financial Times reports. The Commission will approve a draft decision this week stating that the U.K. has an adequate level of protection for EU citizens' data to cross its borders. The decision to grant the U.K. "adequacy" is a relief to companies regularly transferring data. The Commission will review the agreement every four years.
Read Story
2. Companies hit by SolarWinds hack facing costs, liabilities

Victims of what some call the worst security breach in U.S. history are facing high costs and potential liabilities, Bloomberg Law reports. Companies are still trying to figure out if the SolarWinds breach implicated their data. That requires a "digital forensics investigation, typically involving a third-party security vendor," the report states. If a company determines a breach, the victim company must notify those affected and, potentially, state regulators or attorneys general.
Read Story

3. EU regulator calls for new rules to include complete ban on targeted advertising

The European Data Protection Supervisor (EDPS) has called for a ban on targeted advertising. Wojciech Wiewiórowski released a statement calling for the ban within the Digital Services Act and the Digital Markets Act, which the European Commission is currently negotiating. It published drafts of both proposals in December 2020. The rules aim to "harmonize the responsibilities of online platforms and service providers and to bolster the oversight over the content policies of platforms." A ban on targeting advertising would be devastating to the online advertising industry.
Read Story

4. Virginia to pass privacy law: Will U.S. government follow suit?

Virginia is on the brink of passing a state privacy law, and several other states are considering their own. Washington, New York, Oklahoma and Utah are all considering various proposals. For years the U.S. has considered passing a federal privacy law. Now, industry pressure to harmonize the rules may finally push the U.S. to act, The Hill reports.
Read Story

5. Florida to consider consumer privacy law

Florida Gov. Ron DeSantis has announced a new data privacy bill aiming "to shift the balance of power back to Floridians and allow them to have the ultimate say" in how companies use their data, The Capitolist reports. At a press conference this week, DeSantis introduced HB 969, the Consumer Data Privacy Bill, which would allow Floridians to opt-out of the sale of their data by third parties. It also would protect biometric information such as fingerprints and retinal scans.
Read Story

6. EU groups file privacy complaints against TikTok

Consumer protection groups in Europe have filed a series of complaints alleging TikTok violates EU law, TechCrunch reports. The European Consumer Organisation filed a complaint with the European Commission and EU data protection authorities alleging "misleading data processing and privacy practices" concerning adults and children.
Read Story

Schedule a demo of Osano today

Privacy Policy Checklist

Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.

Download Now

Osano Staff

Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.

Blog

Check out some of our latest articles

Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.

View All Blog Posts View All Resources

Simplify Data Privacy Compliance

With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.

Book a Demo

The Osano Platform Overview

Cookie Consent

Subject Rights Management

Assessments

Unified Consent & Preference Hub

Data Mapping

Vendor Privacy Risk Management

Features & Integrations

TrustHub

Privacy Templates

GDPR Representative

Consult Privacy Team

Regulatory Guidance

Integrations

CPRA

CCPA

GDPR

For Non-Privacy Experts

For Legal & Compliance

For GRC, Risk & Security

Consent Management

DSAR Automation

Privacy Program Management

Vendor Risk Management

Articles

Resource Center

Customer Stories

U.S. Data Privacy Laws

Product Updates

The Newsletter

The Podcast

The Book

Events

Can AI Models Comply with EU Law at All?

About Us

Careers

Contact

Our Pledge

Data Licensing

Osano Swag Store

Press & Media

Partners & Resellers

Privacy Insider newsletter: Feb 16, 2021

Osano Staff

In this article

Sign up for our newsletter

Share this article

Privacy Policy Checklist

Osano Staff

Osano Staff

Share this article

Blog

Check out some of our latest articles

Can AI Models Comply with EU Law at All?

Microsoft Enforcing Consent Signals Starting May 5

Privacy from the US Gov?

Simplify Data Privacy Compliance