Privacy Insider Newsletter | Data Privacy News Delivered Weekly

Data Privacy and the Chevron Doctrine

Written by Arlo Gilbert | Jul 4, 2024 12:00:00 PM

Hello all, and happy Thursday! 

This Thursday, the Osano team is out of the office celebrating the Fourth of July with family and friends! To that end, we’ll keep this week’s Privacy Insider short and sweet.    

However, I do want to quickly address a recent Supreme Court decision—specifically, the Court’s decision to overturn the Chevron deference. As a very quick summary, the Chevron deference was a legal framework in which courts deferred to regulatory agencies’ interpretations of ambiguous statutory law. Now, courts are expected to make independent decisions on ambiguous requirements, though they may still consider agency recommendations. 

This has a huge impact on all things related to regulatory compliance, especially at the federal level. But when it comes to data privacy compliance in the U.S., the likely result is a greater focus on state-level regulations and a reduced likelihood of a federal data privacy law. Legislators at the federal level will take more time to pass laws since they’ll need to reduce as much ambiguity as possible, while state legislators will have more freedom to hand off legislative interpretation to agencies like the California Privacy Protection Agency (CPPA).  

There’s a lot more analysis and discussion to be made on this decision, but we can’t get into sufficient depth in this newsletter. Especially on a holiday! So, to our U.S. subscribers, we hope you’ve enjoyed some well-deserved rest, fireworks, and barbeque. To our international subscribers, we’re sorry for the U.S.-centric content in this week’s newsletter—we’ll be back next week with your regularly scheduled newsletter! 

Best, 

Arlo 

P.S. Speaking of U.S. data privacy laws, did you know that two state laws just went into effect as of July 1? Texas’s and Oregon’s data privacy laws are now live! 


Top Privacy Stories of the Week

Law Enforcement Searches of Clearview AI Facial Recognition Doubled in Past Year 

The number of facial recognition searches law enforcement conducted via controversial Clearview AI technology doubled to 2 million over the past year. In addition, the number of images stored in the company’s database of faces, which is used to compare biometrics, also has surged, now totaling 50 billion, according to a statement from CEO Hoan Ton-That. 

Read more 

Health Information Can Be Tracked. US District Court Overrules Biden Department of Health and Human Services 

In a consequential decision for Health Insurance Portability and Accountability Act (HIPAA)-regulated entities, the U.S. District Court for the Northern District of Texas invalidated the Department of Health and Human Services’ Office for Civil Rights' (OCR’s) guidance that HIPAA obligations attach where an online tracking technology collects certain combinations of personal information. 

Read more 

ID Verification Service for TikTok, Uber, X Exposed Driver Licenses 

Identity Intelligence organization Au10tix recently exposed a set of administrative credentials online for over a year. This exposure potentially allowed hackers to access sensitive data. Au10tix verifies identities for companies like TikTok, Uber, and X, and boasts clients such as Fiverr, PayPal, Coinbase, LinkedIn, and Upwork. Some of these companies confirmed their active or past use of Au10tix’s services. 

Read more 

U.S. Commerce Department Issues First-of-Its-Kind Determination Banning Certain Software Products and Services 

Recently, the U.S. Department of Commerce Office of Information and Communications Technology and Services (OICTS) published a first-of-its-kind Final Determination against Kaspersky Lab, Inc., prohibiting the provision of its antivirus software and cybersecurity products in the United States or to U.S. persons. This Final Determination provides new insights into the OICTS review of information and communications technology and services transactions and the prohibitions or restrictions that may result. 

Read more 

Commission Sends Preliminary Findings to Meta Over Its “Pay or Consent” Model for Breach of The Digital Markets Act 

The European Commission recently informed Meta of its preliminary findings that its “pay or consent” advertising model fails to comply with the Digital Markets Act (DMA). In the Commission's preliminary view, this binary choice forces users to consent to the combination of their personal data and fails to provide them a less personalized but equivalent version of Meta's social networks. Meta will have an opportunity to provide its defense, but the Commission could fine it up to 10% of Meta’s total worldwide turnover. 

Read more 

Osano Blog: Data Discovery and Classification: Key Concepts for Data Mapping 

Data mapping is an essential foundation for compliance—but how do you actually find data in your map and classify its risk? This blog dives into detail. 

Read more 

Like what you hear from the Privacy Insider newsletter?

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page