Hello all, and happy Thursday!
California recently adjourned its 2023 legislative session, and what a session has it been for the U.S.’s most privacy-focused state.
Among other privacy-related bills, California’s DELETE Act passed the legislature. The act makes it easier for consumers to request the deletion of personal information collected by data brokers.
Meanwhile, bills enacted in previous years came into effect, like the CPRA, or met legal challenges, like the California Age-Appropriate Design Code Act (CAADCA).
With the California legislative session over for 2023, it’s a good time to reflect on how data privacy has fared in California and the U.S. as a whole.
We can tell that there is a broad, popular demand for data privacy regulation. As of this writing, 12 states have their own data privacy laws. But the ultimate shape of data privacy in the U.S. is still being determined; between the less-than-smooth rollout of CPRA rulemaking and legal challenges by business advocacy groups, we can look to California as a bellwether of things to come—both for the other states and any Federal privacy law that may be on the horizon.
Best,
Arlo
It’s tempting to ignore retailers’ data collection activities—after all, who doesn’t want better deals and more relevant products? But in reality, this data collection can not only reveal secrets you’d rather keep hidden, but it can also influence your purchasing behavior so effectively that it rewires your desires.
Irish authorities fined TikTok $367.2 million, saying it breached the country’s data protection laws, including what it said was the misuse of children’s information. Specifically, Irish authorities stated that TikTok misled users into choosing more privacy-intrusive options and that its “family pairing” feature—which allows adults to pair their accounts with a child user account and provides access to direct messages—didn’t verify parent or guardian status.
Despite some anticipation, California legislators ended this session without the passage of a bill regulating the development or deployment of AI systems. Failing to act on AI may reflect the California legislature’s reduced appetite for trailblazing laws that inevitably draw challenges, as was the case with the CCPA/CPRA.
Google will settle a lawsuit from California’s Attorney General Rob Bonta for $93 million. The suit alleged that Google misled consumers on how and when their location information was being tracked and stored. The company misled consumers into believing they had more control over their location information than they actually did.
Senate Bill 362—also known as the DELETE Act—would allow consumers, with a single request, to have every California data broker delete their personal information. Recently, the California legislature passed SB 362, and it now awaits Governor Newsom’s signature.
A Federal Judge temporarily blocked the California Age-Appropriate Design Code Act, stating that the law probably violated the Constitution. The law would require digital platforms to enact stronger data privacy protections by default for younger users.
GDPR compliance can be tricky. Even if you summon the willpower to read through the law’s text, it can be tough to know where to start. As an alternative to pouring through the GDPR’s legalese, one way to establish a foundation is to follow a GDPR compliance checklist.
If you’re interested in working at Osano, check out our Careers page!