Hello all, and thanks for reading today.
This week, our newsletter features two very different bellwethers for AI regulation.
In the EU, the European Data Protection Board (EDPB) released its opinion on how AI developers might compliantly use personal data in their models. Overall, the opinion underscored the importance of robust data privacy practices when developing or deploying an AI model, particularly privacy by design and assessments.
In the US, soon-to-be President Trump tapped David Sacks to serve as his AI and crypto czar. Sacks is a venture capitalist who recently co-founded an AI chat company. It’s pretty clear that Sacks and the Trump administration intend to take a hands-off, deregulatory approach to AI innovation—though whether that extends to the privacy aspect of AI development remains to be seen.
It seems like AI regulation in the US and EU is falling into the same pattern as privacy regulation. The EU will launch broad, comprehensive, and consumer-friendly regulations that apply across the union; in the US, individual states will deploy their own regulations, most of which will tend to be more business-friendly. As AI technology and its corresponding regulations mature, it’ll be interesting to see which approach yields better outcomes.
Best,
Arlo
Change is the only certainty in life. What changes can you expect to see in data privacy in 2025?
Privacy risk can seem awfully abstract—until you quantify it. This article shows you how to develop a scoring methodology at your organization.
Osano’s Rachael Ormiston teams up with Husch Blackwell’s Shelby Dolen and TK Lively to break down the new requirements businesses will face in 2025.
With more privacy laws to keep track of in 2025, you may be expecting a bigger workload than last year. That doesn’t have to be the case. In this webinar, Osano’s Cait Ward and Chris Simpson teach you how to move faster, gain visibility, shorten the time to deploy banners and assessments, and automate in all the right places.
Save Your Seat | January 16th
The EDPB recently published its opinion on how AI developers might use personal data to develop and deploy AI models, without falling foul of the EU’s privacy laws. The opinion touches on when and how AI models can be considered anonymous and thereby exempt, whether legitimate interest can be used as a legal basis, and what happens to AI models developed with unlawfully processed personal data.
In the wake of a recent health industry ransomware attack, the federal government’s regulation of cybersecurity through HIPAA (Health Insurance Portability and Accountability Act) has come under intense scrutiny. In response, a bipartisan bill has been introduced to Congress that details a new law that stands beside HIPAA called the Health Infrastructure Security and Accountability Act (HISAA), which would create significant new security requirements for HIPAA-covered entities and business associates, especially those that governmental authorities consider to be important to US national security.
Recently, the Office of the Australian Information Commissioner (OAIC) agreed to a $50 million payment program from Meta to settle civil penalty proceedings related to the Cambridge Analytica scandal.
As companies depend on accumulating more consumer data to develop products such as artificial intelligence, targeted advertising, or surveillance pricing tools, they may create valuable pools of information that bad actors can target for illicit gain. As a result, the Federal Trade Commission (FTC) has provided guidance to enable businesses to address systemic causes of risk through the lens of data management, software development, and product design.
President-Elect Donald Trump has announced that David Sacks, a prominent Silicon Valley investor, member of the “PayPal Mafia,” and co-founder of an AI company, will serve as the “White House AI & Crypto Czar.” Sacks’ appointment is widely viewed as a sign that the Trump administration will fulfill its campaign promises to take a pro-industry, deregulatory stance on AI.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!