.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
Last week, Republican lawmakers introduced the SECURE Data Act, the third major effort at a federal comprehensive data privacy law after APRA and the ADPPA. Before you get too excited, I struggle to see the path forward for this bill (though it is early days for it in the legislative process).
Unlike APRA and ADPPA, there isn’t much bipartisan support for this law, in part due to a broader preemption of state privacy laws than those bills. APRA and ADPPA preempted state comprehensive data privacy laws, but explicitly preserved several specific state laws (like biometrics, student, and employee privacy laws). In contrast, the SECURE Data just preempts any state law that relates to its provisions.
Preemption of comprehensive data privacy laws was the primary reason why APRA and ADPPA struggled to progress, so it seems unlikely that a broader, more ambiguous preemption will do the trick. But anything’s possible–especially these days.
Best,
Arlo
New from Osano
Blog: The SECURE Data Act: A Federal Privacy Framework (But for Real This Time?)
On April 22, 2026, Rep. John Joyce (R-PA) introduced the Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act, or SECURE Data Act. It’s the first major federal consumer privacy bill released in years—will this time be different?
In Case You Missed It…
Blog: The Alabama Personal Data Protection Act (APDPA): The US Patchwork Gets Patchier
Alabama recently became the 21st state with a data privacy law! It bears resemblance to other Virginia-style privacy laws, but it’s got its own unique features–notably, a rather precise definition of “sales,” the absence of assessment requirements, and more. Check out our blog to get a sense of your requirements and how to become compliant.
Events
Webinar: The Missing Ingredient in Most First-/Zero-Party Data Strategies? Effective Consent Management.
With the future of third-party data trackers looking increasingly uncertain, savvy marketers are investing in first- and zero-party data strategies. They’re optimizing every aspect of their strategies, except for one: collecting and managing consent. In this webinar, Osano experts provide guidance for marketers looking to solve the consent management aspect of their data strategy.
Register | May 14th, 1 PM EST
Top Privacy Stories of the Week
Greece to Ban Anonymity on Social Media
The Greek government is pressing ahead with a plan to ban anonymity on social media, aiming to curb rising toxicity, according to Dimitris Papastergiou, the minister of digital governance. The idea has been circulating for months and is now being handled at the highest levels of government.
Republican Lawmakers to Release National Data Privacy Framework
Key House Republicans recently released two bills that would create a national data privacy proposal and overwrite more than 20 state laws, according to committee staff. The effort includes two bills—the SECURE Data Act, led by Rep. John Joyce (R-Pa.), and a second financial data privacy measure dubbed the GUARD Financial Data Act.
California Privacy Agency Opposes ‘Weaker’ Federal Privacy Bill
California’s privacy agency urged Congress to reject a Republican-led privacy bill unveiled last week, saying it would wipe out privacy rights in the state and kill the agency’s enforcement powers. The SECURE Data Act has a broad preemption provision that would cancel existing rights under the California Consumer Protection Act and Delete Act, Tom Kemp, CalPrivacy’s executive director, wrote in a Monday letter to the House Energy and Commerce Committee, which rolled out the legislation.
EU Rules Reining in Big Tech Will Now Target Cloud Services and AI, Regulators Say
The European Union plans to turn the focus of its landmark rules curbing the power of Big Tech to cloud and artificial intelligence services, aiming to promote fairer competition after seeing positive results in other digital areas, EU regulators said. The EU Commission said the aim was to make cloud services and AI "fairer and more contestable". It will examine whether certain AI services should be designated as virtual assistant core platform services.
US Supreme Court Weighs Privacy Implications of Geofence Warrants
During oral arguments, the US Supreme Court considered whether geofence warrants allow law enforcement agencies to request technology companies to identify devices located within a specific geographic area. The court appeared divided while weighing whether law enforcement's use of location history data violates the Fourth Amendment's protections against unreasonable searches and general warrants.
Like what you see in the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📱 The Osano Subreddit
Join our official subreddit to stay up to date on the latest news, analysis, guidance, and content from Osano!
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
