Hello all, and happy Thursday!
With all of the new US data privacy laws coming into effect in 2025 (eight, to be exact), we’ve been thinking of 2025 as the year of subject rights requests (SRRs). But we’d be remiss not to turn our attention back to Europe, where GDPR SRRs are earning extra attention as well!
One of our stories this week focuses on a newly announced Coordinated Enforcement Framework (CEF; can you call it data privacy news if it doesn’t introduce a new acronym?). Thirty-two DPAs across the EU will participate in the CEF, focusing on the GDPR’s right to be forgotten and SRRs exercising that right.
Specifically, DPAs “will check how controllers handle and respond to the requests for erasure that they receive and, in particular, how they apply the conditions and exceptions for the exercise of this right.”
Scroll down to our news stories to check out the details!
Best,
Arlo
.png?width=800&height=400&name=Weathering-the-2025-Whirlwind-1024x512%20(1).png)
Highlights from Osano
What's New?
Blog: AI Governance and Why It’s Necessary
AI isn’t going away anytime soon, but best practices around AI are still developing. How can privacy, security, and GRC professionals better manage the risks and opportunities associated with AI? A robust AI governance framework is key. Find out what AI governance is, how to develop your own framework, and more in our blog.
In Case You Missed It...
Blog: Privacy Governance: A Framework for Data Privacy Protection and Compliance
When you hear the term “privacy governance,” it isn’t always apparent what exactly is involved. We break down the basics of privacy governance and best practices you can apply at your organization in this blog.
Upcoming Webinars and Events...
Get Out of My Brain: Neural Data & Privacy
In March’s edition of our monthly meetup series, Osano’s Product Marketing Manager Jeff Reame and Senior Sales Enablement Manager Caroline Swanson will host an open discussion around the intersection of neural data and data privacy.
Save your seat | March 12th
Weathering the 2025 Whirlwind: How to Keep Calm and Carry On
Privacy is changing fast, are you keeping up? Join Ashley Fowler, Sr Privacy Program Manager at Osano & Olivia Ward, Data Privacy Lawyer at Simmons + Simmons, as they get to the heart of what's important right now.
Save your seat | March 17th
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Whether you are swamped by a deluge of subject rights requests or just want more time to spend on strategic work, managing SRRs effectively is a highly sought-after goal—one that's seldom achieved. In this webinar, Osano’s Senior Product Manager Chris Simpson and Lead Implementation Manager Christie Roy will show you the best (and worst) approaches to handling your SRR workflow.
Save your seat | March 27th
Top Privacy Stories of the Week
Abusers Using Data Protection Law to Get Details on Victims
Sonas Housing, an Irish refuge provider for victims of domestic abuse, reported that a child and protection welfare agency disclosed the personal details of a victimized wife and child to their abuser after the man made a data subject access request.
California’s AI Revolution: Proposed CPPA Regulations Target Automated Decision-Making
The California Privacy Protection Agency (CPPA) Board recently published several draft rules that, if adopted, will make California the next state to regulate AI at a broad and comprehensive scale. The draft rules primarily focus on automated decision-making technology.
Launch of Coordinated Enforcement on the Right to Erasure
32 Data Protection Authorities (DPAs) across Europe are participating in a coordinated enforcement initiative focused on the right to erasure, one of the most frequently exercised GDPR rights and one about which DPAs frequently receive complaints from individuals.
U.S. House Republicans Reignite Efforts to Pass Federal Privacy Law
In a renewed effort to establish a U.S. national data privacy standard, House Republicans have announced a new working group dedicated to drafting comprehensive federal privacy legislation. The initiative, spearheaded by Reps. Brett Guthrie and John Joyce, aims to address longstanding challenges that have hindered previous attempts to create a U.S. federal privacy framework.
ICO Launches Investigation into How Social Platforms Use Children's Personal Data
The U.K. Information Commissioner's Office (ICO) has announced children's privacy investigations into TikTok, Reddit, and Imgur. The probes come as the ICO shed new light on its past and ongoing work to ensure children's online safety, including a comprehensive progress report on the application of the U.K. Children's Code. The TikTok investigation aims to review how it applies the personal information of users aged 13-17 to support algorithms for content recommendation. The probes into Reddit and Imgur will explore the platforms' use of children's data more broadly while also examining their age assurance tools.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!