👶 A Smarter Approach to Age Gates?

Hello all, and happy Thursday! 

 Age verification has always been a controversial topic in the privacy sphere. On the one hand, young audiences shouldn’t be exposed to any and all content on the internet. On the other, the excess data collection required to verify ages is a privacy morass—especially when every service uses its own age verification system and its own privacy and security standards (or lack thereof). 

That’s why states have been enacting legislation that pushes the responsibility of age verification to operating system and app store providers, rather than individual app developers. Utah, Texas, and most recently, California have adopted legislation to this effect with the Utah App Store Accountability Act, the Texas App Store Accountability Act, and the Digital Age Assurance Act, respectively. 

While Utah and Texas both require actual age verification from app store providers and all of the data processing that entails, California’s law merely requires app store users to indicate their age when setting up their profile. This signal constitutes “actual knowledge’ of the user’s age, potentially triggering compliance with COPPA and the CCPA. 

While Texas’s and Utah’s approach aren’t perfect, they’re still tangibly better for users’ privacy relative to verifying their identity with dozens of different app developers. That is, of course, assuming app store providers maintain appropriate safeguards. 

Best, 

Arlo 

Highlights From Osano

New 

Podcast: Where Tabletop Games Meet the Future of Privacy with Dr. Tehilla Shwartz Altschuler of the Israel Democracy Institute 

Dr. Tehilla Shwartz Altshuler is at the forefront of conversations where technology, democracy, and human rights collide. With Israel recently updating its privacy law and global debates intensifying around AI, smart glasses, and workplace surveillance, Tehilla’s work highlights what’s at stake if regulation lags behind reality. 

Listen here 

Blog: Data Privacy Management Software: Find the Best Data Privacy Solution for You 

Embarked on your software evaluation journey, or know someone who is? Our comparison guide highlights the strengths and weaknesses of the top data privacy solutions. 

Read more 

Events 

Event: P.S.R. 

Come by booth 400 at this year’s Privacy. Security. Risk (P.S.R.) conference! Not only will your favorite privacy vendor be in attendance, but you’ll also have the opportunity to schedule a one-on-one strategy chat with our privacy experts, enjoy a(n awkward family) photo-worthy Osanoverse experience, and more. 

Schedule time at the booth | October 28-31 | San Diego, CA 

Top Privacy Stories of the Week

California Governor Newsom Signs Act Pivoting Big Tech Away from Age Gates 

Following a series of high-profile data breaches in which users’ IDs were leaked, Governor Newsom recently signed the Digital Age Assurance Act into law. The act requires operating system developers to communicate age signals to app developers upon request, hopefully mitigating the security risks associated with requiring individual developers to verify users’ ages. 

Read more 

Three Lessons from the Latest Celebrity DSAR 

Last month, British television presenter and MasterChef co-host Gregg Wallace launched a widely reported legal action against the BBC, claiming that its failure to comply with his data subject access requests had caused him “distress and harassment”. Wallace's DSAR and lawsuit provide insight for organizations seeking to better understand DSAR risks. 

Read more  

Google Abandons Privacy Sandbox After Six Years of Regulatory Scrutiny 

Google has officially pulled the plug on its long-touted Privacy Sandbox initiative, marking the end of a six-year effort to reshape online privacy and tracking. Launched in 2019, the project aimed to phase out third-party cookies in Chrome while introducing alternative technologies for targeted advertising. In contrast to browsers like Safari and Firefox, Chrome will continue to use third-party cookies. 

Read more  

California Enacts 30-Day Data Breach Notification Deadline

Recently, California Governor Gavin Newsom signed Senate Bill 446, which strengthens California’s existing data-breach disclosure requirements. The law requires businesses and individuals that conduct business in the state to notify affected consumers of a data breach within 30 calendar days of discovering or being notified of the incident. It also shortens the timeline for reporting large-scale breaches to the California Attorney General. 

Read more  

Viral Call-Recording App Neon Goes Dark After Exposing Users’ Phone Numbers, Call Recordings, And Transcripts 

A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, rapidly rose to the top-five free iPhone apps since its launch last month. However, a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user. Now, the app has been taken down. 

Read more 

Like what you hear from the Privacy Insider newsletter?

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page!