.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
2026 is coming in hot!
Just 8 days after Kentucky’s data privacy law went into effect, Kentucky AG Russel Coleman announced a lawsuit against Character Technologies for a variety of violations under a variety of state laws–including the Kentucky Consumer Data Protection Act (KCDPA). The complaint alleges Character Technologies’ chatbot, Character.AI, encouraged self-harm, suicide, isolation, and psychological manipulation; exposed minors to sexual content/exploitation and substance abuse; and collected and processed children’s data without parental consent.
Interestingly, the KCDPA requires a 30-day cure period, in which a violator has the opportunity to fix their violations before being penalized. The AG’s complaint only asks for injunctive (rather than monetary) relief for this particular claim, which may be how the AG’s office is sidestepping the 30-day cure period requirement.
Ultimately, even if the KCDPA violations don’t stick due to the cure period requirement, there are still a number of other laws cited in the lawsuit. And it most certainly serves as a sign that Kentucky plans to enforce its newly effective data privacy law.
Best,
Arlo
P.S. Osano is looking for a Senior Platform Product Manager to join our team! This role will lead the development of Osano’s platform capabilities and will be central to how every Osano product ships, scales, and differentiates. If you or someone in your network would be a good fit, you can find more about the role and apply here.
Events
Webinar: Untangling 2026 Privacy: New Laws, Amendments, Enforcement, and More
Feel like privacy compliance has got you tied into knots? You’re not alone. 2025 was a hectic year for privacy and compliance professionals, and 2026 promises to present even more challenges. On our January 15th webinar, we’ll break down everything you need to know to stay compliant in 2026. Attendees will be eligible to earn 1 CPE credit.
Save your seat | TODAY at 1 pm EST
Webinar: Untap Those Wires: How to Reduce CIPA Risk with Your CMP
The Cold War may be over, but wiretap laws are alive, well, and–if you’re a member of the plaintiff’s bar–very lucrative. Thousands of lawsuits have been filed under decades-old wiretap laws in recent years, with the California Invasion of Privacy Act (CIPA) chief among them. How can you protect your business against opportunistic CIPA lawsuits? Join Osano’s Chief Customer Officer Skye McCullough and Strategic Customer Success Manager Mark Brown on February 5th to discover the answer.
Save your seat | February 5th, 1 pm EST
In Case You Missed It…
Blog: 5 Emerging Data Privacy Trends in 2026
2026 is here, and with it, a whole new privacy landscape to contend with. What emerging trends, patterns, and challenges do privacy pros need to watch out for in order to survive and thrive in the new year? Find out in our blog.
Top Privacy Stories of the Week
Kentucky AG Sues Under KCDPA, 8 Days After Law Comes Online
Kentucky Attorney General Russell Coleman launched a lawsuit against an artificial intelligence chatbot company just 8 days after the Kentucky Consumer Data Protection Act went into effect. The complaint alleges Character.AI exposed children to harmful content and collected and processed children’s data, among other violations.
Poland Faces Millions In EU Fines As President Vetoes Tech Bill
President Karol Nawrocki is holding up a bill that would implement the EU's Digital Services Act, a tech law that allows regulators to police how social media firms moderate content. Nawrocki, an ally of U.S. President Donald Trump, said in a statement that the law would "give control of content on the internet to officials subordinate to the government, not to independent courts." The government coalition led by Prime Minister Donald Tusk, Nawrocki's rival, warned this further exposed them to the risk of EU fines as high as €9.5 million.
CalPrivacy Brings New Round of Enforcement Actions Against Data Brokers
The California Privacy Protection Agency Board has issued two new decisions following settlements reached by the Enforcement Division’s Data Broker Enforcement Strike Force. The first decision requires Rickenbacher Data LLC, d/b/a Datamasters, a Texas-based reseller of personal information for targeted advertising, to pay a $45,000 fine for failing to register as a data broker in violation of California’s Delete Act. The second decision requires S&P Global, Inc., a New York-based provider of data and technology, to pay a $62,600 fine for failing to register as a data broker due to an administrative error.
DOJ Creates Task Force To Challenge State AI Regulations
Recently, the US Department of Justice announced it is creating an artificial intelligence task force to challenge state-level regulations so that AI companies can "be free to innovate without cumbersome regulation.” The memo from Attorney General Pam Bondi cites President Trump's executive order last month aimed at restricting "excessive" state AI rules. The order argued that a "patchwork" of overlapping or contradictory state-by-state regulations could imperil the AI industry—though opponents from both parties have pushed back.
UK Considers Grok Ban Under Online Safety Act
The social media platform X is under pressure from UK ministers after the Grok AI tool was used to generate deepfake images of unsuspecting women and children. The government has said it will support the media regulator Ofcom, which has launched an investigation into X, if it decides to push ahead with a ban.
Like what you see in the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📱 The Osano Subreddit
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
đź“– The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
