AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: August 31, 2023
Hello all, and happy Thursday!
One of the more influential data privacy laws in the world (or at least data privacy-adjacent) just reached an important milestone; the EU’s Digital Services Act (DSA) is now in effect for "very large online platforms" and "very large online search engines."
In essence, this means the Googles and Metas of the world must moderate hate speech and disinformation on their respective platforms. While the DSA is primarily concerned with combating harmful content, it enters the privacy sphere in that it also requires VLOPs and VLOSEs (i.e., very large online platforms/search engines) to provide options for recommended content that does not rely on user profiling, to be transparent around digital advertising, and generally protect consumer rights.
The DSA’s got teeth, too—businesses risk being fined up to 6% of their total worldwide annual turnover.
That being said, enforcement is a bit of a head-scratcher. The level of effort that it would take to moderate harmful content online seems enormous. And moderating harmful content requires a clear consensus on what content is considered harmful. What happens when VLOPs and VLOSEs’ idea of harmful content doesn’t match with what the regulators’ ideas of harmful content are?
Well, the developers of the DSA considered this issue.
The act addresses this concern by relying on “trusted flaggers”—entities with experience around identifying harmful content, most likely non-government organizations and advocacy groups. Still, it seems like content moderation on this scale will be messy.
Watching this law and its enforcement in the next few years and months will be illuminating, both because smaller organizations will gradually become subject to the DSA as time goes on and because this regulatory approach to internet content moderation has never been tried before.
Best,
Arlo
The Office of the Australian Information Commissioner (OAIC) and 11 other international data privacy protection organizations have issued a joint statement on the rise in the use of data scraping technologies to collect personal information from social media accounts. Among other subjects, the statement discusses the responsibilities of social media companies, how publicaly available personal information is still subject to regulation, how to protect your own data, and more.
India’s Digital Personal Data Protection Act, 2023 (DPDP Act) was enacted on August 11. Learn about how the law treats digital personal data, what requirements data controllers face, what rights the law provides, and more here.
All data breaches are data incidents, but not all data incidents are data breaches. This article dives into the difference between the two and provides key, actionable information organizations can take into account to prevent an incident from evolving into a full-blown breach.
As of August 25th, the EU Digital Services Act regulations governing the obligations of "very large online platforms" and "very large online search engines" are in effect. As a result Facebook, Amazon and other large tech companies must curb hate speech, propaganda and other harmful content.
Software development kits, or SDKs, are widely used to accelerate software development, but they often contain data collection and transmission through tracking technologies—sometimes without the developers’ knowledge.
Cookie notices can feel like an unnecessary intrusion into an otherwise-peaceful web browsing experience, but they’re absolutely essential to the user experience. Find out why, what’s required in a cookie notice, and what major regulations have to say about cookie notices in this blog.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.