Tryptophan Won’t Put the Privacy World to Sleep
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: May 18, 2021
Welcome to Privacy Insider, a round-up of the week's most important stories.
This week, France unveiled its national strategy to build a "sovereign cloud" for its citizens."France must equip itself with a trusted cloud because data is strategic," said France Minister of the Economy Bruno Le Maire. "Much of the economic value in the 21st century will come from data, which is why it is essential to protect it."
He means that American cloud services are making money off French data, and France needs to up its game to compete globally. As News in 24 reports, Amazon, Google and Microsoft own 70 percent of the European market.
And while Le Maire is an economics guy, he's pitching the development of a "trustworthy cloud" label to indicate companies that meet French standards set out by its cybersecurity agency, the ANSSI.
The necessity to verify a company is trustworthy stems from French mistrust of U.S. data privacy because U.S. law allows national law enforcement agencies access to innocent peoples' data to fight crime. These policies have long been a point of contention between the EU and the U.S., as I discussed in last week's love letter to you.
Reading the news that France is strategizing on keeping citizens' data on French soil isn't surprising, but it is disheartening. It's only the latest in countless stories in which government or private agencies note, rightly, that the U.S. isn't up to snuff on data privacy. It's the reason the Schrems II case continues, and it's the reason trans-border data-sharing frameworks keep burning to the ground.
And while some say the U.S. should pass a privacy law that would assure its global partners their data will be protected in its hands, that conversation stalls whenever lawmakers hint that national security policies may have to change for that to happen.
Of course, national security is essential, and there are many intelligent and reasonable people doing the intelligence work that helps keep us safe. But there also a lot of people and companies in the U.S. who want to do the right thing on data privacy, and it's a shame they -- in effect -- have to say to customers, "We will absolutely keep your data private, unless ... "
As an American, it feels like: If we're going to lead the work in tech, we should also lead the world in protecting its users.
Enjoy reading, and I'll see you next week!
2. Google imposes privacy-disclosure requirements for apps
Beginning next year, Google will require Android mobile apps to provide privacy disclosures. The new policy requires apps to include what personal information it collects, whether that information is shared and whether the app uses encryption, National Law Review reports. Apps must also disclose whether a third party has verified their claims are valid and whether users can delete their data. The news follows Apple's move last year to include privacy nutrition labels in its App Store.
Read Story
3. GDPR fines since 2018 total €292 million
It's been three years since the EU General Data Protection Regulation came into effect. Since then, every EU member state and the U.K. has issued at least one GDPR fine, according to a tracking dashboard. Italy, France, and Germany have given the highest amount in fines, while Spain, Italy, and Romania have issued the most penalties.
Read Story
4. Facebook loses legal challenge to Irish regulator's data-transfer decision
ComputerWeekly reports the Irish High Court has dismissed a legal challenge by Facebook. The company sought to fight the Irish Data Protection Commissioner's draft decision to suspend transfers of European data to the U.S. But the High Court said Facebook Ireland hadn't established any basis for "impugning" the judgment, the report states. The case stems from Max Schrems' claims that the transfers breach EU privacy law because they subject EU citizens to U.S. mass surveillance programs. The High Court decision allows the Irish DPC to continue its work on the case.
Read Story
5. Eufy breach had users watching each others' camera streams
A privacy breach at appliance-company Eufy meant strangers could view both live and recorded video from each others' home cameras. Affected users first reported the issue on Reddit, reports 9to5Mac. Eufy stated that a software bug caused the breach, affecting a limited number of users in the U.S., New Zealand and Australia, among others. The company resolved the problem within two hours, the company said.
Read Story
6. WhatsApp delays privacy policy changes in Brazil
WhatsApp is delaying implementing its new privacy policy while Brazilian authorities look into its data privacy implications. WhatsApp users in Brazil will be able to use the app for three months before agreeing to the new policy. The decision comes after discussions between the messaging service and Brazil's National Data Protection Authority (DPA), among other stakeholders. The DPA will now investigate whether the new policy complies with the country's data protection regulation.
Read Story
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.