.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read Now
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and thanks for reading today.
For years, the Australian government had been a little sleepy on the subject of data privacy. But in the last few years, activity has been ramping up—and then in the last few weeks, Australia hit us with two major privacy developments: A significant reform to its longstanding Privacy Act and an outright ban against under-16-year-olds accessing social media.
The Privacy Act reforms implement 23 of the 25 recommendations made in a 2023 report by the Australian Attorney General reviewing the decades-old law. The initial changes primarily bolster the Privacy Act’s enforceability, creating new tiers of penalties, giving authorities new investigatory powers, and the like.
This is good news in general, but it’s especially timely given the passage of the Online Safety Amendment (Social Media Minimum Age) Bill, which bans children under 16 from using social media.
Bills like this one are always controversial—on the one hand, children’s safety is important; on the other, verifying users’ age can involve violating their privacy. If you’re a social media company, do you simply ask a user to click a button affirming they’re over 16? Or do you collect more information on them to verify their identity? Do you go so far as to collect biometric data?
Best practices for compliance with this bill have yet to be determined, but it is reassuring to see Australian privacy stakeholders analyzing the tradeoff between privacy and safety. Time will tell whether the bill actually leads to more safety for children without compromising their privacy.
Best,
Arlo
Highlights from Osano
What's New
Blog: Privacy Laws 2025: Prepare for the 8 Laws Going into Effect
Eight new data privacy laws go into effect over the course of 2025. Is your organization prepared? Find out all the essential information for compliance here.
In Case You Missed It...
Podcast Episode: I Think, Therefore I Am: AI, Ethics, & Humanity with Dr. Michael Hemenway
What does theology have to do with AI? A lot: Theological principles can guide values and ethics, and quite frankly, we need to be sure we have some around coexisting with AI. The latest episode of The Privacy Insider podcast explores the ethical implications of AI and how we can all guide responsible innovation and create space for both AI and humanity.
Top Privacy Stories of the Week
noyb Is Now Qualified to Bring Collective Redress Actions
noyb (None of Your Business), a privacy advocacy group, has been granted the status of a "qualified entity" in Belgium. This allows them to bring collective redress actions, or class-action lawsuits, on behalf of consumers for data protection violations. The group has been highly active in filing complaints against non-compliant organizations.
Australia Approves First Privacy Act Reforms, Social Media Ban for Minors
The Parliament of Australia used the final days of its 2024 legislative session to finalize the first wave of reforms aimed at modernizing the Privacy Act while also adopting a social media bill requiring age verification and a ban on social media use by minors under age 16. The privacy reforms bring Australia’s Privacy Act more in line with modern privacy regulations, while the social media ban for children is among the first of its kind.
Balancing Act: What the UK’s Data (Use and Access) Bill Means for Businesses
The UK’s new iteration of its GDPR bill is making progress through the legislature. If it's successful, how should businesses respond?
The FTC Proposes Settlements Over Sale of Sensitive Geolocation Data
The Federal Trade Commission is taking action against Gravy Analytics Inc. and its subsidiary Venntel Inc., for unlawfully tracking and selling sensitive location data from users, including selling data about consumers’ visits to health-related locations and places of worship. Under a proposed order, Gravy Analytics and Venntel will be prohibited from selling, disclosing, or using sensitive location data in any product or service, and must establish a sensitive data location program.
EU Enacts New Laws to Strengthen Cybersecurity Defenses and Coordination
The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA). The Cyber Solidarity Act introduces a new cybersecurity alert system, creating a network of national and cross-border cyber hubs across the EU. Meanwhile, the CSA amendments focus on managed security services, enabling the development of European certification schemes for specialized cybersecurity interventions, including incident handling, penetration testing, security audits, and technical consulting.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!