TikTok Sues Montana
Hello all, and happy Thursday!Read Now
The simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline the DSAR workflow
Ensure your customers’ data is in good hands
Gain insights with privacy assessment templates and workflow management
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Don’t let data privacy compliance get in the way of growth
Preserve your competitive edge
Manage data privacy at scale
Expert insights on all things privacy
Subscribe and become a Privacy Insider
Research the most essential privacy topics
We'll scan your website for privacy risk at no cost
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
No fines, no penalties
Add Osano data privacy ratings and recommendations to your application
Fresh duds for data privacy fans
April 13, 2023
Hello all, and happy Thursday!
The concept of “privacy by design” isn’t new—the term was coined way back in the mid-nineties, but it’s only since privacy by design was enshrined in the GDPR that it’s really come to the fore. One of the stories in our newsletter this week really highlights the importance and challenge of privacy by design, I think.
According to Reuters reporting, Tesla workers were able to access videos from Tesla owners’ cars and often shared them around the office. These were recordings of accidents, people caught in embarrassing situations—even (allegedly) of the inside of Elon Musk’s garage. One former employee said, “The people who buy the car, I don't think they know that their privacy is, like, not respected … We could see them doing laundry and really intimate things. We could see their kids.”
If a Tesla employee feels like it, there may not be much to stop them from sharing recordings from individuals’ cars. Teslas collect a significant amount of data by design—an example is Tesla’s Sentry Mode, in which external cameras remain on to detect potential threats and which has been described as a “privacy violation on wheels.”
Ultimately, no amount of policy and procedure can truly protect personal information. The only surefire way to protect personal information is to not have to collect it in the first place—which can be achieved by adhering to privacy-by-design and data minimization principles.
Indiana poised to add to U.S. state privacy law patchwork
The Indiana House recently voted unanimously to grant final passage to Senate Bill 5—Indiana’s proposed comprehensive data privacy law—to the state Senate. The Indiana Senate has already voted unanimously to approve the bill earlier, and will now vote on concurrence (considered a formality) before the bill will land on Governor Eric Holcomb’s desk for signature or veto.
'Operation Cookie Monster': International police action seizes dark web market
In a multinational crackdown dubbed "Operation Cookie Monster," UK authorities seized a massive dark web marketplace. They estimated that the service hosted about 80 million credentials and digital fingerprints stolen from more than 2 million people.
Special report: Tesla workers shared sensitive images recorded by customer cars
Between 2019 and 2022, groups of Tesla employees privately shared highly invasive videos and images recorded by customers’ car cameras, according to interviews by Reuters with nine former employees. Although Tesla’s privacy notice claims that any recordings are anonymous and cannot be linked to individuals or their vehicles, several former employees indicated they could identify the locations where recordings were made.
Oops: Samsung employees leaked confidential data to ChatGPT
Mere weeks after lifting a ban on the use of ChatGPT, Samsung discovered that multiple employees had shared proprietary code and meeting transcripts with the AI chatbot. Unless users explicitly choose to opt out of data collection, OpenAI retains all data submitted to ChatGPT in an effort to improve its AI models. In part due to these leaks, Samsung is developing its own AI model.
IAPP GPS 2023: FTC's Bedoya sheds light on generative AI regulation
During the International Association of Privacy Professionals’s (IAPP’s) Global Privacy Summit conference this year, U.S. Federal Trade Commissioner Alvaro Bedoya asserted that there is no need for further regulation to address the privacy concerns related to AI. "The reality is AI is regulated (in the U.S.). Unfair and deceptive trade practices laws apply to AI," Bedoya said.
The U.S. deserves stronger spyware protections than Biden’s executive order
U.S. President Joe Biden has signed an executive order that limits U.S. government agencies from using commercially available spyware—but the Electronic Frontiers Foundation argues that this does not prevent the government use of spyware in the U.S.
Osano Blog: The Iowa Consumer Data Protection Act (ICDPA): The basics
Now that Iowa has joined the five other U.S. states with data privacy laws, what do businesses need to do to get compliant? Fortunately, the Iowa Consumer Data Protection Act appears to be more business friendly than most other laws, but that doesn’t mean compliance is automatic or easy. Read our blog to learn more.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.
Writer at Osano
Writer at Osano
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
Osano makes it easy. Ready to get serious about data privacy? Choose your plan and get started. All plans come with a 30-day FREE trial!