AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: September 14, 2023
Hello all, and happy Thursday!
Delaware has officially become the 12th jurisdiction in the U.S. to enact a data privacy law. The Delaware Personal Data Privacy Act (DPDPA) resembles most other state privacy laws. However, as is always the case, the DPDPA has its own peculiarities.
For one, it defines “children” as individuals under 18 years of age, which is much older than other laws’ definitions. The DPDPA prohibits businesses from processing children’s personal data for targeted advertising or selling their personal data (unless the consumer is at least 13 years old and opts in).
The law also has lower threshold requirements compared to other state privacy laws. The DPDPA applies to entities that do business in Delaware or that:
For most other laws with threshold requirements, these figures are much higher.
Given that many, many businesses are incorporated in Delaware, this new law might raise some alarm bells. Remember; being based out of a jurisdiction is not the same as “doing business” in that jurisdiction, so the DPDPA may not apply. Still, it seems like some portion of the many businesses incorporated in Delaware will be subject to this law. As always, we recommend consulting with your legal counsel first and foremost.
Best,
Arlo
Effective 2025, Delaware-based businesses will need to comply with the Delaware Personal Data Privacy Act. Specifically, the law applies to entities conducting business in Delaware that control or process the personal data of 35,000 consumers or more, or 10,000 consumers if they derive more than 20 percent of their gross revenue from the sale of personal data.
The European Commission recently designated six companies as so-called “gatekeepers” under the Digital Markets Act, or DMA, including Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft. Because these companies provide core platforms that provide access to various services, they must adhere to certain regulations under the DMA, such as permitting the installation of third-party systems and apps.
Despite its name, Google’s Privacy Sandbox feature will track the web pages you visit and generate a list of advertising topics that it will share with web pages whenever they ask.
Google faces a class action lawsuit from the Netherlands over alleged tracking and profiling of consumers. The suit alleges Google engaged in “large-scale privacy violations” of the European Union’s data protection regime.
AB 57, which was signed into law by Governor Gavin Newsom last year, requires social media companies to publicly detail moderation practices around hate speech, racism, extremism, disinformation, harassment, and foreign political interference. Now, X (formerly Twitter) has filed suit, alleging that the law violates the company’s constitutional right to free speech.
It’s not an explicit requirement of data privacy laws, but without it, you’ll struggle to meet other regulatory requirements. Mapping your organization’s privacy data is an essential component of long-term, sustainable compliance. Find out why and how to do it here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.