Hello all, and happy Thursday!
It’s nearly halfway through 2025, and time keeps ticking away. You know what that means—the seasons change, you find new gray hairs or wrinkles, and new data privacy laws go into effect.
Two new data privacy laws come into effect July 1st and 31st, respectively: Tennessee’s TIPA and Minnesota's MCDPA.
You might be thinking that you don’t target Tennessens and Minnesotans with your products and services, so you don’t have to worry about the TIPA or MCDPA. Well . . . maybe, maybe not.
Even if you don’t go out of your way to serve residents of these states, you may need to comply with them anyhow if enough residents visit your website. Scroll down to read our blogs on the respective state laws, check out the threshold requirements, and see if you’re on the hook for compliance.
Best,
Arlo
Case Study: Gear Patrol Automates DSARs, Manages Consent, and Secures User Trust
Wondering what an Osano implementation could do for your subject rights workflow? Check out how Gear Patrol, a leading product review publication, uses Osano to manage subject rights and consent in service to their readers.
On-Demand: Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
If you're in risk management, you sit at the intersection of privacy, security, and compliance. It's a juggling act, and data privacy is just one ball in the air. Learn how you can make data privacy management a cornerstone of your risk management strategy and one less thing to worry about in our on-demand webinar.
Blog: The Tennessee Information Protection Act (TIPA) Comes into Force July 1
If you receive website visitors from Tennessee or serve residents of the state, you’ll want to be familiar with TIPA’s requirements. This new data privacy law comes into effect the first of July.
Blog: Minnesota Consumer Data Privacy Act (MCDPA) Comes into Force July 31
At the end of July, businesses that serve Minnesotans will likely need to comply with the state’s privacy law, the MCDPA. That includes its unique requirements around profiling and data inventories. Check out our blog to learn all about its major requirements.
Nebraska and Vermont are the latest U.S. states to join the growing landscape of children’s online safety laws that have swelled in state chambers in recent years. In doing so, Nebraska and Vermont join California and Maryland, which in 2022 and 2024, respectively, enacted age-appropriate design code laws of their own. Find out how these children’s privacy and protection laws will impact your business.
The UK’s Data (Use and Access) (DUA) Bill recently became law, implementing major reforms to the UK GDPR. The bill—which the government pledges will “unlock the power of data to drive efficiencies in our public services”—establishes new data-sharing rules in the UK. From a real-time map of burst pipes to patient records sent instantly between NHS trusts, to money-saving apps for working families, it promises to quietly improve many aspects of daily life and inject £10 billion into the British economy over ten years. Privacy critics, however, claim it weakens UK residents’ rights.
Recently, California Attorney General Rob Bonta, as part of the Consortium of Privacy Regulators (Consortium), sent a letter to U.S. Senate leaders urging lawmakers to remove a provision in the federal budget reconciliation bill (known as the “Big Beautiful Bill”) that establishes a 10-year ban on states from enforcing any state law or regulation addressing artificial intelligence (AI) and automated decision-making systems.
The EU’s artificial intelligence rules should be paused, Swedish Prime Minister Ulf Kristersson said Monday ahead of a meeting with EU leaders this week in Brussels. Officials in countries including the Czech Republic and Poland have shown openness to the idea of delaying the rules. Kristersson argued that the EU's AI rules were "confusing" during a meeting with Swedish parliament lawmakers on Monday morning and said he would raise this with fellow leaders this week.
A number of previously enacted laws related to privacy and minors’ use of social media platforms will enter into force in July 2025. These laws include comprehensive privacy frameworks in Tennessee and Minnesota, as well as laws governing the use of social media platforms by minors in Georgia and Louisiana. Check out an overview of the laws here.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!