AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: July 11, 2024
Hello all, and happy Thursday!
This week, one of our stories focuses on a data privacy lawsuit concerning Peloton. Don’t panic—the issue isn’t centered on their virtual training sessions, so you can keep pedaling alongside Robin Arzón without fear of your personal information leaking. (As far as we know! 🤞)
Instead, the lawsuit centers on Peloton’s website chatbot, where user chat data allegedly was collected to train AI. This may actually be a bigger deal than any data privacy leak associated with the brand’s high-tech stationary bikes. After all, not every business collects data through Internet-of-Things devices—but many, many businesses rely on website chatbots to interact with their customers.
The suit alleges that Peloton violated the California Invasion of Privacy, or CIPA. This Cold War-era law has been making frequent headlines in recent lawsuits. Essentially, recent appellate court decisions have provided plaintiffs’ attorneys the justification needed to repurpose old laws like the CIPA to construe third-party technologies (such as AI-powered chatbots) as wiretaps.
Since this is an active and evolving legal issue, the best thing you can do if you find yourself on the wrong side of a CIPA claim is to consult with legal counsel. If you use third-party tracking technologies on your website, it's always a good idea to follow data privacy best practices like knowing who you share data with, keeping your policies accurate and up to date, and reviewing what kinds of consents may be needed and where.
Best,
Arlo
Peloton has been accused of allowing a third party to process user chat data, including for training AI, which would be a violation of the California Invasion of Privacy Act (CIPA). Peloton has attempted and failed to dismiss a class-action lawsuit by the legal firm Consumer Advocates twice, making it likely that it will face court.
With the recent formation of a Labour government in the UK, what should organizations expect in terms of data privacy and AI legislation? This post breaks down the Labour Party’s policy positions on these subjects.
Governor Kathy Hochul recently signed two major pieces of legislation designed to protect children online—the Stop Addictive Feeds Exploitation (SAFE) for Kids Act and the New York Child Data Protection Act (CDPA). The SAFE for Kids Act regulates content feeds offered to minors, while the CDPA provides comprehensive data privacy protections for children.
For its 16 July meeting, the California Privacy Protection Agency (CPPA) has announced that it plans to discuss its adequacy status with other jurisdictions as well as potential action on automated decision-making technology, among other subjects.
Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms. The ANPD said it found "evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and risks to children and adolescents."
Advocating for your data privacy program can feel like an uphill battle—especially when the people holding the purse strings aren’t privacy experts themselves. We picked the brains of Osano’s Head of Privacy, Rachael Ormiston, and CFO, Ryan Macia, to identify five essential tactics that can tip the scales in your favor.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.