AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: October 10, 2023
Published: October 5, 2023
Hello all, and happy Thursday!
With the recent passage of California’s Delete Act, it’s an especially good time to reflect on the contents of a recently declassified report from the Office of the Director of National Intelligence (ODNI).
The Delete Act empowers consumers to request the deletion of their personal data by all data brokers registered in California. The ODNI report shows that greater regulation of data brokers at the federal level is merited, as the government perceives data brokers to be a loophole for mass, warrantless device surveillance.
The Fourth Amendment prohibits the government from engaging in warrantless search and seizure. Tracking U.S. citizens through their cell phones certainly counts as a search, so federal agencies would need to get a judge to sign off on a warrant before tracking that data.
However, it has long been the position of federal agencies that “publicly available” information is not subject to the Fourth Amendment. If the information can be purchased, then the government considers it to be publicly available—whether or not any reasonable person would agree.
The report clarifies that ODNI’s own expert panels believe this approach is an overreach. But as we’ve seen with commercial excesses in data collection, we can’t expect organizations to simply stop tracking individuals’ data out of a sense of ethics. Historically, data collection practices have only been reduced to reasonable levels through regulation.
Best,
Arlo
P.S. Scroll down to watch Osano’s Head of Privacy, Rachael Ormiston, talk through a quick overview of India’s new Digital Personal Data Protection Act (DPDPA)!
The Information Commissioner, John Edwards, has issued an advisory notice to public authorities calling for an immediate end to the use of original source Excel spreadsheets when responding publicly to Freedom of Information Act (FOI) requests due to a number of high-profile personal data breaches.
The UK’s Department for Science, Innovation, and Technology (DSIT) recently published draft amendments that would replace references to EU-derived rights in the UK GDPR and Data Protection Act (DPA).
In response to the EU's crackdown on personalized advertising, Meta may create subscription tiers for Facebook and Instagram users in the EU. Notably, this paid version of the apps would still serve advertisements; they simply would not be targeted based on user data.
A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is purchasing a large amount of sensitive and intimate information on its own citizens from data brokers.
In an open letter to the EU, 56 cybersecurity leaders said the EU’s proposed one-day vulnerability disclosure requirement under the Cyber Resilience Act (CRA) means that dozens of government agencies would have access to a real-time database of software with unmitigated vulnerabilities without the ability to protect them.
Reddit is getting rid of the ability to opt-out of ad personalization based on users’ activity on the platform. The platform says select countries will still have the power to opt out of ad targeting, but has not yet released a specific list.
Uncertain of where to start when it comes to CPRA compliance? Use this checklist to build a foundation for compliance.
Rachael Ormiston, Head of Privacy, Talks Through India’s Digital Personal Data Protection Act (DPDPA)
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.