Hello all, and happy Thursday!
Age verification has always been a controversial topic in the privacy sphere. On the one hand, young audiences shouldn’t be exposed to any and all content on the internet. On the other, the excess data collection required to verify ages is a privacy morass—especially when every service uses its own age verification system and its own privacy and security standards (or lack thereof).
That’s why states have been enacting legislation that pushes the responsibility of age verification to operating system and app store providers, rather than individual app developers. Utah, Texas, and most recently, California have adopted legislation to this effect with the Utah App Store Accountability Act, the Texas App Store Accountability Act, and the Digital Age Assurance Act, respectively.
While Utah and Texas both require actual age verification from app store providers and all of the data processing that entails, California’s law merely requires app store users to indicate their age when setting up their profile. This signal constitutes “actual knowledge’ of the user’s age, potentially triggering compliance with COPPA and the CCPA.
While Texas’s and Utah’s approach aren’t perfect, they’re still tangibly better for users’ privacy relative to verifying their identity with dozens of different app developers. That is, of course, assuming app store providers maintain appropriate safeguards.
Best,
Arlo
Podcast: Where Tabletop Games Meet the Future of Privacy with Dr. Tehilla Shwartz Altschuler of the Israel Democracy Institute
Dr. Tehilla Shwartz Altshuler is at the forefront of conversations where technology, democracy, and human rights collide. With Israel recently updating its privacy law and global debates intensifying around AI, smart glasses, and workplace surveillance, Tehilla’s work highlights what’s at stake if regulation lags behind reality.
Blog: Data Privacy Management Software: Find the Best Data Privacy Solution for You
Embarked on your software evaluation journey, or know someone who is? Our comparison guide highlights the strengths and weaknesses of the top data privacy solutions.
Event: P.S.R.
Come by booth 400 at this year’s Privacy. Security. Risk (P.S.R.) conference! Not only will your favorite privacy vendor be in attendance, but you’ll also have the opportunity to schedule a one-on-one strategy chat with our privacy experts, enjoy a(n awkward family) photo-worthy Osanoverse experience, and more.
Schedule time at the booth | October 28-31 | San Diego, CA
Following a series of high-profile data breaches in which users’ IDs were leaked, Governor Newsom recently signed the Digital Age Assurance Act into law. The act requires operating system developers to communicate age signals to app developers upon request, hopefully mitigating the security risks associated with requiring individual developers to verify users’ ages.
Last month, British television presenter and MasterChef co-host Gregg Wallace launched a widely reported legal action against the BBC, claiming that its failure to comply with his data subject access requests had caused him “distress and harassment”. Wallace's DSAR and lawsuit provide insight for organizations seeking to better understand DSAR risks.
Google has officially pulled the plug on its long-touted Privacy Sandbox initiative, marking the end of a six-year effort to reshape online privacy and tracking. Launched in 2019, the project aimed to phase out third-party cookies in Chrome while introducing alternative technologies for targeted advertising. In contrast to browsers like Safari and Firefox, Chrome will continue to use third-party cookies.
Recently, California Governor Gavin Newsom signed Senate Bill 446, which strengthens California’s existing data-breach disclosure requirements. The law requires businesses and individuals that conduct business in the state to notify affected consumers of a data breach within 30 calendar days of discovering or being notified of the incident. It also shortens the timeline for reporting large-scale breaches to the California Attorney General.
A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, rapidly rose to the top-five free iPhone apps since its launch last month. However, a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user. Now, the app has been taken down.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!