Hello all, and thanks for reading today.
For years, the Australian government had been a little sleepy on the subject of data privacy. But in the last few years, activity has been ramping up—and then in the last few weeks, Australia hit us with two major privacy developments: A significant reform to its longstanding Privacy Act and an outright ban against under-16-year-olds accessing social media.
The Privacy Act reforms implement 23 of the 25 recommendations made in a 2023 report by the Australian Attorney General reviewing the decades-old law. The initial changes primarily bolster the Privacy Act’s enforceability, creating new tiers of penalties, giving authorities new investigatory powers, and the like.
This is good news in general, but it’s especially timely given the passage of the Online Safety Amendment (Social Media Minimum Age) Bill, which bans children under 16 from using social media.
Bills like this one are always controversial—on the one hand, children’s safety is important; on the other, verifying users’ age can involve violating their privacy. If you’re a social media company, do you simply ask a user to click a button affirming they’re over 16? Or do you collect more information on them to verify their identity? Do you go so far as to collect biometric data?
Best practices for compliance with this bill have yet to be determined, but it is reassuring to see Australian privacy stakeholders analyzing the tradeoff between privacy and safety. Time will tell whether the bill actually leads to more safety for children without compromising their privacy.
Best,
Arlo
Eight new data privacy laws go into effect over the course of 2025. Is your organization prepared? Find out all the essential information for compliance here.
What does theology have to do with AI? A lot: Theological principles can guide values and ethics, and quite frankly, we need to be sure we have some around coexisting with AI. The latest episode of The Privacy Insider podcast explores the ethical implications of AI and how we can all guide responsible innovation and create space for both AI and humanity.
noyb (None of Your Business), a privacy advocacy group, has been granted the status of a "qualified entity" in Belgium. This allows them to bring collective redress actions, or class-action lawsuits, on behalf of consumers for data protection violations. The group has been highly active in filing complaints against non-compliant organizations.
The Parliament of Australia used the final days of its 2024 legislative session to finalize the first wave of reforms aimed at modernizing the Privacy Act while also adopting a social media bill requiring age verification and a ban on social media use by minors under age 16. The privacy reforms bring Australia’s Privacy Act more in line with modern privacy regulations, while the social media ban for children is among the first of its kind.
The UK’s new iteration of its GDPR bill is making progress through the legislature. If it's successful, how should businesses respond?
The Federal Trade Commission is taking action against Gravy Analytics Inc. and its subsidiary Venntel Inc., for unlawfully tracking and selling sensitive location data from users, including selling data about consumers’ visits to health-related locations and places of worship. Under a proposed order, Gravy Analytics and Venntel will be prohibited from selling, disclosing, or using sensitive location data in any product or service, and must establish a sensitive data location program.
The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA). The Cyber Solidarity Act introduces a new cybersecurity alert system, creating a network of national and cross-border cyber hubs across the EU. Meanwhile, the CSA amendments focus on managed security services, enabling the development of European certification schemes for specialized cybersecurity interventions, including incident handling, penetration testing, security audits, and technical consulting.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!