Tryptophan Won’t Put the Privacy World to Sleep
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: April 13, 2023
Hello all, and happy Thursday!
The concept of “privacy by design” isn’t new—the term was coined way back in the mid-nineties, but it’s only since privacy by design was enshrined in the GDPR that it’s really come to the fore. One of the stories in our newsletter this week really highlights the importance and challenge of privacy by design, I think.
According to Reuters reporting, Tesla workers were able to access videos from Tesla owners’ cars and often shared them around the office. These were recordings of accidents, people caught in embarrassing situations—even (allegedly) of the inside of Elon Musk’s garage. One former employee said, “The people who buy the car, I don't think they know that their privacy is, like, not respected … We could see them doing laundry and really intimate things. We could see their kids.”
Technically, Tesla employees aren’t supposed to be accessing video data for anything other than the analytics and development purposes described in their privacy policy, But the issue is that they can; not that they are or are not allowed.
If a Tesla employee feels like it, there may not be much to stop them from sharing recordings from individuals’ cars. Teslas collect a significant amount of data by design—an example is Tesla’s Sentry Mode, in which external cameras remain on to detect potential threats and which has been described as a “privacy violation on wheels.”
Ultimately, no amount of policy and procedure can truly protect personal information. The only surefire way to protect personal information is to not have to collect it in the first place—which can be achieved by adhering to privacy-by-design and data minimization principles.
Best,
Arlo
Indiana poised to add to U.S. state privacy law patchwork
The Indiana House recently voted unanimously to grant final passage to Senate Bill 5—Indiana’s proposed comprehensive data privacy law—to the state Senate. The Indiana Senate has already voted unanimously to approve the bill earlier, and will now vote on concurrence (considered a formality) before the bill will land on Governor Eric Holcomb’s desk for signature or veto.
'Operation Cookie Monster': International police action seizes dark web market
In a multinational crackdown dubbed "Operation Cookie Monster," UK authorities seized a massive dark web marketplace. They estimated that the service hosted about 80 million credentials and digital fingerprints stolen from more than 2 million people.
Special report: Tesla workers shared sensitive images recorded by customer cars
Between 2019 and 2022, groups of Tesla employees privately shared highly invasive videos and images recorded by customers’ car cameras, according to interviews by Reuters with nine former employees. Although Tesla’s privacy notice claims that any recordings are anonymous and cannot be linked to individuals or their vehicles, several former employees indicated they could identify the locations where recordings were made.
Oops: Samsung employees leaked confidential data to ChatGPT
Mere weeks after lifting a ban on the use of ChatGPT, Samsung discovered that multiple employees had shared proprietary code and meeting transcripts with the AI chatbot. Unless users explicitly choose to opt out of data collection, OpenAI retains all data submitted to ChatGPT in an effort to improve its AI models. In part due to these leaks, Samsung is developing its own AI model.
IAPP GPS 2023: FTC's Bedoya sheds light on generative AI regulation
During the International Association of Privacy Professionals’s (IAPP’s) Global Privacy Summit conference this year, U.S. Federal Trade Commissioner Alvaro Bedoya asserted that there is no need for further regulation to address the privacy concerns related to AI. "The reality is AI is regulated (in the U.S.). Unfair and deceptive trade practices laws apply to AI," Bedoya said.
The U.S. deserves stronger spyware protections than Biden’s executive order
U.S. President Joe Biden has signed an executive order that limits U.S. government agencies from using commercially available spyware—but the Electronic Frontiers Foundation argues that this does not prevent the government use of spyware in the U.S.
Osano Blog: The Iowa Consumer Data Protection Act (ICDPA): The basics
Now that Iowa has joined the five other U.S. states with data privacy laws, what do businesses need to do to get compliant? Fortunately, the Iowa Consumer Data Protection Act appears to be more business friendly than most other laws, but that doesn’t mean compliance is automatic or easy. Read our blog to learn more.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.