Hello all, and happy Thursday!
With the recent passage of California’s Delete Act, it’s an especially good time to reflect on the contents of a recently declassified report from the Office of the Director of National Intelligence (ODNI).
The Delete Act empowers consumers to request the deletion of their personal data by all data brokers registered in California. The ODNI report shows that greater regulation of data brokers at the federal level is merited, as the government perceives data brokers to be a loophole for mass, warrantless device surveillance.
The Fourth Amendment prohibits the government from engaging in warrantless search and seizure. Tracking U.S. citizens through their cell phones certainly counts as a search, so federal agencies would need to get a judge to sign off on a warrant before tracking that data.
However, it has long been the position of federal agencies that “publicly available” information is not subject to the Fourth Amendment. If the information can be purchased, then the government considers it to be publicly available—whether or not any reasonable person would agree.
The report clarifies that ODNI’s own expert panels believe this approach is an overreach. But as we’ve seen with commercial excesses in data collection, we can’t expect organizations to simply stop tracking individuals’ data out of a sense of ethics. Historically, data collection practices have only been reduced to reasonable levels through regulation.
Best,
Arlo
P.S. Scroll down to watch Osano’s Head of Privacy, Rachael Ormiston, talk through a quick overview of India’s new Digital Personal Data Protection Act (DPDPA)!
The Information Commissioner, John Edwards, has issued an advisory notice to public authorities calling for an immediate end to the use of original source Excel spreadsheets when responding publicly to Freedom of Information Act (FOI) requests due to a number of high-profile personal data breaches.
The UK’s Department for Science, Innovation, and Technology (DSIT) recently published draft amendments that would replace references to EU-derived rights in the UK GDPR and Data Protection Act (DPA).
In response to the EU's crackdown on personalized advertising, Meta may create subscription tiers for Facebook and Instagram users in the EU. Notably, this paid version of the apps would still serve advertisements; they simply would not be targeted based on user data.
A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is purchasing a large amount of sensitive and intimate information on its own citizens from data brokers.
In an open letter to the EU, 56 cybersecurity leaders said the EU’s proposed one-day vulnerability disclosure requirement under the Cyber Resilience Act (CRA) means that dozens of government agencies would have access to a real-time database of software with unmitigated vulnerabilities without the ability to protect them.
Reddit is getting rid of the ability to opt-out of ad personalization based on users’ activity on the platform. The platform says select countries will still have the power to opt out of ad targeting, but has not yet released a specific list.
Uncertain of where to start when it comes to CPRA compliance? Use this checklist to build a foundation for compliance.
Rachael Ormiston, Head of Privacy, Talks Through India’s Digital Personal Data Protection Act (DPDPA)
If you’re interested in working at Osano, check out our Careers page!