VPPA: The 40-Year-Old Law Being Used to Protect Privacy
Hello all, and happy Thursday!Read Now
The simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline the DSAR workflow
Ensure your customers’ data is in good hands
Gain insights with privacy assessment templates and workflow management
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Don’t let data privacy compliance get in the way of growth
Preserve your competitive edge
Manage data privacy at scale
Expert insights on all things privacy
Subscribe and become a Privacy Insider
Research the most essential privacy topics
We'll scan your website for privacy risk at no cost
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
No fines, no penalties
Add Osano data privacy ratings and recommendations to your application
Fresh duds for data privacy fans
February 16, 2021
While no major breaches were disclosed or news-making settlements made, the past week still produced some big privacy news.
First, the EU Commission plans to deem the U.K. an "adequate" third country, meaning data can continue to flow across borders despite its exit from the EU.
Under the EU General Data Protection Regulation (GDPR), companies may transfer data outside of the EU only under certain conditions. The European Commission must deem the home country's data protection rules are comparable to that of the EU.
It's a critical development for companies that transfer data from the EU to the U.K.
EU Vice-President for Values and Transparency Vera Jourova said the U.K. had a leg up on countries outside of the European Economic Area with fundamentally different legal frameworks. The U.K. passed its Data Protection Act in 2018. That law implemented the GDPR into the U.K.'s legal system.
But the Commission's decision to declare the U.K. adequate doesn't mean it's safe forever. The agreement will be reviewed every few years.
Second, the European Data Protection Supervisor (EDPS) has called for planned law reforms to include a ban on targeted advertising.
Let me just say that again: The EDPS wants to ban all targeted advertising.
The EU Commission is working on the Digital Services Act and the Digital Markets Act. The EDPS wants EU lawmakers to consider including the ban to ensure the "fair processing of personal data."
It's a call to action that should send shivers down the online advertising industry's back. For years, the industry has been fighting privacy advocates, claiming its practices are legal under the EU General Data Protection Regulation. Advocates claim the adtech ecosystem is the Wild Wild West. They say online advertising transactions between bidders and buyers expose a tremendous amount of personal data given the various supply chain players. Consumers aren't privy to those transactions and have not given consent.
It's unclear whether the EDPS, Wojciech Wiewiórowski, has significant backing here. If his request gains traction, we can expect a battle royale. The adtech industry is not known for being shy. It will surely get out the proverbial pitchforks before it allows any government to shut its lucrative practices.
Enjoy reading, and we'll see you next week!
2. Companies hit by SolarWinds hack facing costs, liabilities
Victims of what some call the worst security breach in U.S. history are facing high costs and potential liabilities, Bloomberg Law reports. Companies are still trying to figure out if the SolarWinds breach implicated their data. That requires a "digital forensics investigation, typically involving a third-party security vendor," the report states. If a company determines a breach, the victim company must notify those affected and, potentially, state regulators or attorneys general.
3. EU regulator calls for new rules to include complete ban on targeted advertising
The European Data Protection Supervisor (EDPS) has called for a ban on targeted advertising. Wojciech Wiewiórowski released a statement calling for the ban within the Digital Services Act and the Digital Markets Act, which the European Commission is currently negotiating. It published drafts of both proposals in December 2020. The rules aim to "harmonize the responsibilities of online platforms and service providers and to bolster the oversight over the content policies of platforms." A ban on targeting advertising would be devastating to the online advertising industry.
4. Virginia to pass privacy law: Will U.S. government follow suit?
Virginia is on the brink of passing a state privacy law, and several other states are considering their own. Washington, New York, Oklahoma and Utah are all considering various proposals. For years the U.S. has considered passing a federal privacy law. Now, industry pressure to harmonize the rules may finally push the U.S. to act, The Hill reports.
5. Florida to consider consumer privacy law
Florida Gov. Ron DeSantis has announced a new data privacy bill aiming "to shift the balance of power back to Floridians and allow them to have the ultimate say" in how companies use their data, The Capitolist reports. At a press conference this week, DeSantis introduced HB 969, the Consumer Data Privacy Bill, which would allow Floridians to opt-out of the sale of their data by third parties. It also would protect biometric information such as fingerprints and retinal scans.
6. EU groups file privacy complaints against TikTok
Consumer protection groups in Europe have filed a series of complaints alleging TikTok violates EU law, TechCrunch reports. The European Consumer Organisation filed a complaint with the European Commission and EU data protection authorities alleging "misleading data processing and privacy practices" concerning adults and children.
Writer at Osano
Writer at Osano
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
Osano makes it easy. Ready to get serious about data privacy? Choose your plan and get started. All plans come with a 30-day FREE trial!