AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: September 23, 2024
Published: February 8, 2024
Hello all, and happy Thursday!
For most businesses subject to a privacy law, when they hear “enforcement,” they think of the massive fines being applied to egregious violators of the law. In part, that’s because much of what goes on in regulatory enforcement happens behind the scenes. The Connecticut Data Privacy Act (CTDPA), however, gives us a chance to peek behind the curtain.
Under the CTDPA, the Attorney General’s Office is required to issue an annual report describing its efforts to educate consumers and enforce compliance—we’ve linked to it in one of this week’s stories below. In this report, you can find information on what drives complaints, why companies get put on notice, and so on. Extrapolating the information in this report out to the rest of the U.S. (and other jurisdictions covered by data privacy laws) can give you greater insight into what’s going on in enforcement across the wider data privacy world.
Some highlights from this year’s report:
Something else that the team at Osano noticed: one of these cure notices was issued to a car brand after privacy concerns were highlighted in the Mozilla Foundations's *Privacy Not Included. We talked about Mozilla’s report in a previous edition of Privacy Insider—in this instance, it looks like there was a pretty clear line between being called out for poor privacy practices and being investigated by data protection authorities.
All of this is just to call out an opportunity to learn more about what goes on in enforcement beyond the big, seven-figure penalties that make headlines. There are a lot of smaller actions and steps before those penalties reach those stratospheric heights.
Best
Arlo
P.S. Don’t miss out on next Thursday’s webinar on data mapping! Osano has partnered with KPMG to dive into what, why, and how of data mapping—register on the IAPP’s website here.
The Competition and Markets Authority (CMA) has said that Google “cannot proceed with third-party cookie deprecation” until its concerns are resolved, sparking further uncertainty across the industry. The CMA’s concerns center on the Privacy Sandbox, Google’s attempt to enable data processing in a more private manner. Specifically, the CMA said that Google must not “design, develop or use the Privacy Sandbox proposals in ways that reinforce the existing market position of its advertising products and services, including Google Ad Manager."
California Attorney General Rob Bonta recently announced his office would be investigating companies with popular streaming apps and devices in order to assess their compliance with the California Consumer Privacy Act. Attorney General Bonta indicated that his office would be looking at whether or not these businesses complied with requirements around the sale/sharing of personal and the right of consumers to opt out of the sale of their data.
Under the CTDPA, the Connecticut Attorney General is required to issue a report no later than February 1 listing various enforcement metrics. In this first CTDPA report, Attorney General Tong’s office listed and described complaints received, the nature of violations, cure notices issued, and more. Additionally, the Attorney General identified several ways in which the CTDPA could be strengthened.
The Dutch Data Protection Authority (AP) is imposing a fine of €10 million on Uber after the company failed to disclose the full details of its retention periods for data concerning European drivers, failed to name the non-European countries in which it shares this data, and obstructed its drivers’ efforts to exercise their right to privacy.
Last November, the Information Commissioner’s Office (ICO) wrote to 53 of the UK’s top 100 websites, warning that they faced enforcement action if they did not make changes to advertising cookies to comply with data protection law. While most websites complied with the warning, the ICO affirmed that it would continue to seek out non-compliance, including through the development of an AI solution.
They may not agree on whether it’s called Taylor Ham or a pork roll, but New Jerseyans do agree on data privacy. Find out all about the essentials of compliance with the New Jersey Data Privacy Act on our blog.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.