AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Updated: February 17, 2022
Published: December 22, 2020
Welcome to the latest edition of the Privacy Insider newsletter. Each week, we send you the latest and smartest news in the world of data privacy.
It might be the end of 2020, but that doesn't mean privacy and data protection news slows down. This week, Facebook announced changes to its product to comply with a new EU privacy rule in effect. The ePrivacy Directive's rules have expanded to accommodate more forms of communication.
In addition, a new privacy enforcement agency, established under the law that California voters passed in November, is beginning to take shape. The agency will oversee the implementation of the Consumer Privacy Rights Act, and it's an interesting story because it's unprecedented here in the U.S. The EU's data protection authorities are becoming well-seasoned regulators, having overseen compliance with the EU General Data Protection Regulation for two years now. But in the U.S., we've historically had to look to attorneys general to enforce their states' privacy laws, given the absence of a federal privacy law in the U.S. Most agree they've done a great job, but their mandate is much broader than just privacy. The new agency has a singular purpose.
What's more, the establishment of the California agency could ostensibly be the start of something good here in the U.S. If other states follow suit, perhaps the EU will look more kindly on the seriousness with which the U.S. takes protecting privacy, a shift the U.S. very much needs if it wants to continue a collaborative relationship on both fighting terrorism and commerce, among other priorities.
In fact, a story in today's Privacy Insider looks at one of those important relationships and the privacy criticisms levied against it.
Stay safe and warm this holiday season, and we hope you enjoy this week's edition.
Here are the top stories you might have missed:
New Enforcer of California Privacy Rights Act is faceless, for now
In November, California voters approved Proposition 24, the Consumer Privacy Rights Act (CPRA). The law will replace the California Consumer Privacy Act (CCPA) when it comes into force in January 2023. Importantly, the new law assigns a new data privacy cop on the beat, changing enforcement responsibilities from the state’s attorney general to the California Privacy Protection Agency, reports this Osano blog post.
Facebook announces ‘messaging’ changes to accommodate ePrivacy Directive expansion
Responding to changes in the EU’s Privacy and Electronic Communications Directive, which become effective this week, Facebook has announced changes to its messaging products for users, SocialMediaToday reports. The ePrivacy Directive will now cover more forms of digital communication. Facebook said, "People using our messaging and calling services in Europe or interacting with friends and family in Europe may notice some changes to features on Messenger, Instagram and Facebook. In order to comply with the law, we needed to adjust the way our services work, such as further segregating messaging data from other parts of our infrastructure."
New Zealand’s updated law carries an ‘I’m sorry’ provision
On Dec. 1, New Zealand’s revised privacy law came into effect. Compliance Week reports on a provision that hasn’t made as much news as the law’s mandatory breach reporting and potential fines: the ability to apologize without admitting guilt. “This brings a very human touch to the legislation that will likely make a big difference in the mediation and settlement process. … Being able to say ‘I’m sorry this happened to you’ is very different than ‘I’m sorry I caused you harm,’” the report states.
Privacy group finds menstruation apps ‘unnecessarily’ storing personal data
Privacy International, a U.K.-based advocacy charity, has found that menstruation apps are unnecessarily storing personal information, The Guardian reports. The group studied five of the most popular menstruation apps and found companies storing “intimate information on users,” including the medications they take, birth control plans and sexual habits. The group is calling on apps to restrict the amount of information they store and to make registration optional, omitting the requirement for an email address.
Opinion: Privacy concerns over EU/US data-sharing valid, but program essential
In an opinion piece for The Hill, a member of the U.S. Civil Liberties and Oversight Board describes the board’s recent review of the Terrorist Finance Tracking Program (TFTP). The program allows the U.S. to provide “a steady stream of valuable intelligence to EU member states” to thwart terrorism on both sides of the Atlantic. However, writes board member Adam Klein, EU officials have repeatedly expressed concerns about the program’s impact on privacy, which Klein calls “legitimate and important,” but notes TFTP “is a truly cooperative arrangement that works well for both sides.”
EU data supervisor’s Christmas letter: COVID identified new challenges for privacy leaders
In a Christmas letter, European Data Protection Supervisor Wojciech Wiewiórowski describes his first year in the role under “these extraordinary circumstances.” The EDPS writes that the global COVID pandemic has “served as a magnifying glass for global trends that pervade our societies” and “risks being the perfect occasion for some to exploit the most sensitive attributes of human beings, health data.”
Attorneys general coordinating on breach enforcement, settlements
JD Supra reports on an on-the-rise trend: state attorneys general coordinating data breach enforcement. The “AG community is now motivated and experienced when it comes to pursuing such settlements,” said Tennessee's chief deputy attorney general Jonathan Skrmetti. His office recently led a joint effort on a Community Health Systems breach in which 6.1 million records were hacked. Collaborating allows the regulators to leverage each other’s resources and experiences, Skrmetti said.
Privacy group calls for Florida county to halt student-data program
In a legal analysis published Dec. 19, privacy think-tank the Future of Privacy Forum called on a Florida county’s sheriff’s office and schools to change a program that uses student data to predict future criminality. “The Sheriff’s Office’s current data practices violate not only its contract with the school board but also the privacy protections required by the federal education privacy law,” said the Future of Privacy Forum. It called for “increased transparency, additional training and proactive steps from school administrators to mitigate legal and ethical issues.”
Osano Staff is a pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.