Platform
- The Osano Platform Overview
  
  Get an overview of the simple, all-in-one data privacy platform
- Cookie Consent
  
  Manage consent for data privacy laws in 50+ countries
- Unified Consent & Preference Hub
  
  Streamline consent, utilize non-cookie data, and enhance customer trust
- Subject Rights Management
  
  Streamline and automate the DSAR workflow
- Data Mapping
  
  Automate and visualize data store discovery and classification
- Vendor Privacy Risk Management
  
  Ensure your customers’ data is in good hands
- Assessments
  
  Efficiently manage assessment workflows using custom or pre-built templates
- Features & Integrations
- Privacy Templates
- GDPR Representative
- Consult Privacy Team
- Regulatory Guidance
- Integrations
Solutions
- By Regulation
- CPRA
  
  Discover how Osano supports CPRA compliance
- CCPA
  
  Learn about the CCPA and how Osano can help
- GDPR
  
  Achieve compliance with one of the world’s most comprehensive data privacy laws
- By Organization Type
- Start-Up
  
  Don’t let data privacy compliance get in the way of growth
- Mid-Sized
  
  Preserve your competitive edge
- Enterprise
  
  Manage data privacy at scale
- By Use Case
- Consent Management
  
  Manage consent without the complexity
- DSAR Automation
  
  Never miss a DSAR deadline again
- Vendor Risk Management
  
  Regain insight and control over your customers’ data
- Privacy Program Management
  
  Build and grow an end-to-end privacy program
Resources
- View All Resources
- Articles
  
  Expert insights on all things privacy
- Resource Center
  
  Key resources to further your data privacy education
- U.S. Data Privacy Laws
  
  A guide to data privacy in the U.S.
- Topics
  
  Research the most essential privacy topics
- Newsletter
  
  Subscribe and become a Privacy Insider
- Our Pledge
  
  No fines, no penalties
- Product Updates
  
  What’s the latest with Osano?
- System Status
  
  What’s the status of account management systems, the platform, and support systems?
Stay in the loop with data privacy.
Get Your Copy of the Book
Company
- About Us
  
  The Osano story
- Careers
  
  Become an Osanian and help us build the future of privacy!
- Contact
  
  We’re eager to hear from you
- Our Pledge
  
  No fines, no penalties
- Data Licensing
  
  Add Osano data privacy ratings and recommendations to your application
- Osano Swag Store
- Press & Media
  
  Inquiries and Osano in the news
- Partners & Resellers
  
  Interested in partnering with us?
Pricing
Sign In Book a Demo

Privacy Insider newsletter: May 25, 2021

Osano Staff

May 25, 2021

Sign up for our newsletter

Welcome to Privacy Insider, a round-up of the week's most important stories.

It's been exactly three years since the EU's General Data Protection Regulation became effective. As a privacy reporter, I think I wrote "What if" stories about life under Europe's sweeping new privacy rule every week from 2016 until its official birthday, May 25, 2018. I remember the sheer panic. Companies terrified of getting slapped with a fine — up to four percent of global turnover — were logging on to privacy chat rooms and attending webinars in record number. It felt like Y2K, like on May 25, everything was going to change. The "gold standard of privacy law" was about to shake up the world.

Three years later, like Y2K, reality doesn't quite align with the expectations.

If you've been paying attention, there's been much criticism over the lack of GDPR enforcement. Sure, there have been headline-making fines, but the number of cases far outweigh the number of decisions DPAs have made. Critics also say the monetary penalties have been too low.

Most companies will tell you the cost of complying with the GDPR's strict provisions on things like consent management and data protection impact assessments have been too burdensome.

What do you think? Has the GDPR lived up to its hype?

For a sampling of reactions, I texted three of my friends in the privacy industry, each of them from a different sector.

I thought my friend Gabe, a DC-based attorney representing big companies regulated by the GDPR, said it well.

He said the GDPR exceeded expectations in its impact on consumer privacy awareness (just read any major newspaper, they've got a privacy reporter on staff). It's forced bigger businesses to clean up their data practices to avoid fines and headlines.

It hasn't stopped bad actors altogether, it hasn't halted tracking and surveilling users online, and it's arguably harder to start a data-driven business in the EU now. Sure, there's some work to do.

But possibly its most significant impact is that we're talking not about "if" we should regulate data governance but "how" we can best regulate it. That's a conversation we here in the U.S. can't even have yet; there's no law to talk about which to speak.

Enjoy reading, and I'll see you next week!

Human rights court: UK spy agency violated right to privacy
Remember Edward Snowden's whistleblowing saga in 2013? The grand chamber of the European court of human rights has finally ruled the U.K. spy agency's methods for "bulk interception of online communications violated the right to privacy," and the regime for collection of data was unlawful, The Guardian reports. The ruling confirms a lower court's 2018 judgment. However, GCHQ changed its surveillance practices in 2016 with the passage of the Investigatory Powers Act.
Read Story

2. Politician who championed the GDPR calls for its reform

This week, one of the EU General Data Protection Regulation's lead politicians has said the law needs revising. In sync with its third anniversary this week, Parliamentarian Viviane Reding, former vice president of the European Commission, said the regulation's enforcement has been uneven. Reding, who lead the GDPR effort through the Commission, said enforcement "against systematic stealing of data for commercial or political purposes is somehow not so strong." Instead, privacy regulators have focused on "the local football club."
Read Story

3. State Senate to vote on New York Privacy Act

New York lawmakers will soon vote on a bill to give consumers more control over their personal data, Spectrum News reports. Senators will vote on the New York Privacy Act, requiring businesses to get consent before sharing consumers' personal data to a third party, the report states. It would also give consumers the right to opt-out of having their data sold and the right to request that a company delete their data.
Read Story

4. How does Virginia's privacy law compare to California's?

Virginia's Consumer Data Protection Act grants Virginia consumers rights over their data. It requires companies covered by the law to comply with rules on the data they collect, how it's treated and protected and with whom it's shared. It contains specific provisions on sensitive data, data used for targeting and data sales. This piece compares CDPA to California's two privacy laws, the California Consumer Privacy Act and the more recent California Privacy Rights Act.
Read Story

5. EU antitrust regulators creeping in on privacy authorities' terrain

The EU antitrust and privacy authorities are getting competitive over the regulation of major tech companies. Where privacy authorities worry about how companies that collect large amounts of personal data are treating it, antitrust authorities worry about the fact they've collected so much at all. The idea is that the companies with the most data have the most market power. And when one company acquires another, the data trove -- and the powerful insights it provides -- can be enormous.
Read Story

6. WhatsApp changes approach, won't punish users

WhatsApp has changed its response to the Indian government over concerns that its new privacy policy violates Indian law. Based on privacy concerns, the government told WhatsApp to withdraw its new policy, First Post reports. WhatsApp said it would start deleting user accounts or disable some functionality for those who didn't accept the new terms. The company now says it will not sanction users and will instead continue to remind users of its new policy.
Read Story

Schedule a demo of Osano today

Privacy Policy Checklist

Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.

Download Now

Osano Staff

The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”

Blog

Check out some of our latest articles

Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.

View All Blog Posts View All Resources

Simplify Data Privacy Compliance

With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.

Book a Demo

Cookie Consent

Unified Consent & Preference Hub

Subject Rights Management

Data Mapping

Vendor Privacy Risk Management

Assessments

Privacy Templates

GDPR Representative

Consult Privacy Team

Regulatory Guidance

Integrations

CPRA

CCPA

GDPR

Start-Up

Mid-Sized

Enterprise

Consent Management

DSAR Automation

Vendor Risk Management

Privacy Program Management

Articles

Resource Center

U.S. Data Privacy Laws

Topics

Newsletter

Our Pledge

Product Updates

System Status

About Us

Careers

Contact

Our Pledge

Data Licensing

Osano Swag Store

Press & Media

Partners & Resellers

Privacy Insider newsletter: May 25, 2021

Osano Staff

In this article

Sign up for our newsletter

Share this article

Privacy Policy Checklist

Osano Staff

Osano Staff

Share this article

Blog

Check out some of our latest articles

The Buzz About the APRA

Federal Data Privacy 2.0

Announcing the Launch of the Osano Platform!

Simplify Data Privacy Compliance