Hello all, and happy Thursday!
It certainly hasn’t been a quiet May.
In the past few weeks, there’s been a whirlwind of privacy news that I'd normally be happy to dedicate a newsletter intro to. You can read more in our news section, but here’s an overview of what’s been going on.
First, we’re seeing more comprehensive privacy laws enter the legislative process in the US. Both Massachusetts and New York have introduced privacy laws this month. Massachusetts’ proposed law does feature a private right of action, however, which has been a fatal flaw in state privacy laws in the past.
Then, there’s Texas’s landmark settlement against Google—an eye-watering $1.4 billion for tracking Texans’ geolocation, incognito searches, and biometrics. This settlement is based on a 2022 lawsuit over Google’s violations of Texas’s Deceptive Trade Practices Act, but it still involves data privacy issues at its core. If the Texas AG had the Texas Data Privacy and Security Act (TDPSA) in their toolkit at the time, you could bet that there would be additional violations brought under the TDPSA.
Lastly, the 23andMe saga seems to be coming to a close. The genetic testing company set alarm bells off when it announced bankruptcy, leaving everyone to wonder what would happen to all the extremely sensitive genetic data it had collected over the years. Now, a pharmaceutical company has announced that they will buy 23andMe—promising to honor the law and 23andMe’s prior commitments to privacy in doing so.
Scroll down to read more!
Best,
Arlo
Like everything else in the privacy world, subject rights requests aren’t standing still. Regulatory guidelines, best practices, consumer expectations, and more are constantly changing—but you can still identify patterns to help you comply more efficiently and secure consumer trust. Read our blog to learn about 5 current SRR trends businesses need to track to earn trust.
If you’ve ever managed consent for your website, then you know that cookie classification—an essential step for regulatory compliance—takes serious time. Or at least, it used to. Learn more about how Osano’s new AI-driven cookie classification saves you time.
Miss our webinar on how to manage data privacy when you really didn’t want to be managing data privacy in the first place? Don’t worry: The recording is available on our site, free and ungated.
Legal and compliance experts are used to being advisors, but modern privacy compliance doesn’t just require you to understand and keep up with regulations (even though that’s a full-time job in and of itself). It requires you to provide guidance on how to translate that regulatory knowledge into practice. Join this webinar to learn how to avoid being a bottleneck and become a valuable business and privacy enabler.
Save Your Seat | May 29th
Legal and compliance experts are used to being advisors—but modern privacy compliance doesn’t just require you to understand and keep up with regulations (even though that’s a full-time job in and of itself). It requires you to provide guidance on how to translate that regulatory knowledge into practice. Join this webinar to learn how to avoid being a bottleneck and become a valuable business and privacy enabler.
Save Your Seat | May 29th
Both the Massachusetts and New York legislatures are considering comprehensive privacy laws. The bills are similar to other state privacy laws, though the Massachusetts law includes significant regulations for data brokers and a private right of action.
Texas Attorney General Ken Paxton announced that his office secured a $1.375 billion settlement after suing Google for violating Texas’s Deceptive Trade Practices Act. The suit centered around Google’s unlawful collection of users’ geolocation, incognito searches, and biometric data.
Pharmaceutical maker Regeneron recently announced it will buy genetic testing company 23andMe for $256 million following a bankruptcy auction. Regeneron said it will acquire 23andMe’s genomics service and its bank of 15 million customers’ personal and genetic data as part of the deal. The pharma giant said it plans to use the 23andMe customer data to help drug discovery, and that it will “prioritize the privacy, security, and ethical use of 23andMe’s customer data.”
President Donald Trump signed legislation that bans the nonconsensual online publication of sexually explicit images and videos. The Take It Down Act makes publishing such content illegal, subjecting violators to mandatory restitution and criminal penalties such as prison, fines, or both.
The Belgian Court of Appeals ruled today that the Transparency and Consent Framework (TCF) currently used as the foundation for most online advertising is illegal in the EU. This decision upholds the findings of the Belgian Data Protection Authority from 2022 that the technology underpinning online ads violates several principles of the GDPR.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!