AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Published: February 17, 2022
It's funny the things that we remember about our childhood. In the summer of 1983, I was seven years old, and although I don't recall a lot about that year, two things are forever seared into my memory. First, "Every Breath You Take" by The Police was the number one hit of the year. It was on a heavy rotation and appealed to music fans of all ages.
The other memory I have from that summer was that a gang of 9-year-old girls thought it would be funny to dunk my head in the water at the community pool to prove that they were stronger than me (which is still easy to do). Around the 20th dunk, I became convinced that the end was nigh. Our adult supervision was busy enjoying cocktails and grilling hotdogs while I quietly resigned myself to the irony that Sting might be crooning about breath while I could not catch one.
Fast forward many years (including an arguably lousy couple of decades for pop music), and I'm proud to report that I survived that trauma, although I can no longer stand The Police. But now, as Google repeatedly gets its proverbial head dunked in the waters of data privacy enforcement actions again in less than a month, I think I can imagine how Google's legal & compliance team must feel each time they come up for a breath. The French DPA (CNIL) and noyb, in a true "hold my beer" moment, piled on to Austria's finding that a website’s use of Google Analytics violates the GDPR and that Google Analytics is effectively illegal in France as well.
What does this mean for Google and the broader MarTech ecosystem?
noyb has a strong opinion on the topic: "In the long run, there seem to be two options: Either the US adapts baseline protections for foreigners to support their tech industry, or US providers will have to host foreign data outside of the United States."
Unfortunately, building infrastructure outside of the United States may not be sufficient. If a US company hosts data outside of the US, but that data is still subject to long-arm jurisdiction of US surveillance, will it still be a potential violation of the GDPR? We at Osano and the rest of the privacy community wait with bated breath to see whether the EU regulators and data protection authorities will provide more clarity and whether real progress can be made while the US surveillance laws and federal privacy protections remain unchanged.
The recent slew of rulings against big tech does raise a big question: Is GDPR, with all of its good intent, driving us towards a set of nationalized Internets where the EEA has an entirely separate infrastructure and ecosystem in the same way that China has effectuated its network (albeit through less altruistic intents in the eyes of the West)?
Robert Bateman from GRC World Forums put together an excellent long-form piece on the current situation and shared his opinions on the potential impact.
I put some thoughts along these lines on LinkedIn today if you're interested. https://t.co/DIGXgygNV9
— Robert Bateman (@RobertJBateman) February 11, 2022
There is a lot that is uncertain right now. Rest easy though, friends; one thing is for sure, as we all hold our collective breath waiting to see how this drama plays out, Sting is still richer than all of us and probably more tired of that song than I am. If I were a betting man, I'd wager that you'll have an earworm soon.
Until next week,
-Arlo
CNIL rules Google Analytics violates GDPR.
On the heels of the Austrian Data Protection Authority’s ruling that Google Analytics violates the EU GDPR, France’s data protection authority, the Commission Nationale de l'informatique et des libertés (CNIL), reached a similar decision. Similar investigations are pending with other EU data protection authorities while companies and privacy practitioners are waiting for Google to address the issue in a meaningful way.
U.S. state privacy bills making progress.
Bipartisan support at the state level is high as privacy bills in at least 16 states have been proposed and are making their way through the process. While plenty of hurdles remain before these bills become law, the growing number of proposed bills signals the trend of states taking action as the US waits for a federal privacy law. The proposed bills share commonalities, such as the consumer right to access.
The EDPB publishes guidelines on DSARs.
The European Data Protection Board (EDPB) published guidelines on Data Subject Access Requests (DSARs) to clarify how an individual’s right to access has to be implemented in different situations. The right of access includes all personal data on the individual, whether the individual provided the data or not, including data inferred from other data.
India privacy law is getting close.
As it gets closer, we have our eye on the long-awaited Indian privacy law. Following a 2017 ruling that the right to privacy is fundamental, India’s Personal Data Protection Bill seeks to balance economic growth and protect citizens' data. It includes some provisions we’ve seen before and some that are unique (and controversial), like the inclusion of non-personal data.
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce; he has testified before Congress on technology issues and is a frequent speaker on data privacy rights.