AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: October 26, 2023
Hello all, and happy Thursday!
Regular readers of this newsletter will recognize the name Clearview AI. This facial recognition company got into hot water by collecting and processing facial data from more than 20 billion images on the internet, all without collecting proper consent or establishing an appropriate legal basis.
If you’re familiar with GDPR at all, then you’ll know this is very much against EU and UK law. Clearview AI was quickly hit with enforcement actions from a number of EU member states as well as the UK’s Information Commissioner’s Office (ICO). But, as reported in one of our stories in this week’s newsletter, the ICO recently lost an appeal against Clearview AI, effectively canceling a 7.5 million pound fine.
Although Clearview AI used to have commercial customers, it limited its services to law enforcement agencies after an ACLU lawsuit. Because its only customers are law enforcement agencies—none of which were based out of the UK—a tribunal ruled that the ICO could not levy a fine against Clearview AI.
Essentially, the tribunal asserted that this fine would in effect serve to dictate the actions of a foreign government’s law enforcement agencies, which falls outside the scope of the UK’s data protection rules.
Data privacy regulations are intended to regulate private companies, not governments. But unfortunately, not all threats to individuals’ data privacy rights come from the private sector. Many of the most worrisome rights violations do come from governments—in fact, several recent data privacy regulations codify significant exemptions for government agencies’ data processing activities.
Ultimately, this reversal highlights one of the enduring challenges in data privacy: Private companies need to play by their governments’ rules, but those rules won’t always respect individuals’ fundamental rights.
Best,
Arlo
The Jordan Personal Data Protection Law (PDPL) was published in the Official Gazette on 17 September 2023 and will come into effect 17 March 2024. The Jordan PDPL follows the same structure as many other data privacy laws, though it does provide a number of government exemptions.
Last year, Clearview AI was fined more than £7.5m by the Information Commissioner's Office (ICO) for unlawfully storing facial images in what has been described as a “perpetual police line-up.” Because Clearview AI’s database was solely used by law enforcement outside of the UK, it was able to reverse the ICO’s privacy fine.
In November, Google is preparing to release a suite of tools to help companies evaluate their use of third-party cookies as preparation for its intention to phase out the use of third-party cookies in the Q1 of 2024. It should be noted that third-party cookies make up a small portion of data trackers used to collect personal information.
The Consumer Financial Protection Bureau (CFPB) proposed rules that would make it easier for consumers to access their own financial data from lenders. The purpose of this proposed rule would be to make it easier for consumers to switch lenders, thereby encouraging greater competition.
The Belgian Data Protection Authority has published a number of guidelines and tools on the appropriate use of cookies, including a cookie checklist, templates, and more.
What is data mapping, and why is it so essential for CCPA/CPRA compliance? We explain everything you need to know about data mapping for CPRA in this blog.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.