Hello all, and happy Thursday!
Everyone is abuzz about the American Privacy Rights Act (APRA)! It should come as no surprise—a U.S. federal data privacy regulation seems like it’s only a matter of time now. However, if you read through our newsletter last week, you’ll know that there is a long legislative path ahead for the APRA. If it is passed, it will almost certainly differ substantially from the way the bill is written today. Nevertheless, our newsletter features multiple stories this week discussing the nitty-gritty of the law.
Meanwhile, states are charging ahead with their own data privacy laws. Kentucky, Maryland, and Nebraska have recently enacted or are on the brink of enacting their own laws—in lieu of a federal law, state legislators recognize the need to protect their constituents’ data privacy rights.
But it’s a mistake to let U.S. data privacy news take the oxygen out of the room. Data privacy is an evolving space; that means legislators and regulators are watching each other. Trends are global, and what happens in one jurisdiction affects what happens in others. Even though U.S. privacy laws’ approach to consent differs from the EU’s, I’d keep a close eye on the European Data Protection Board’s ruling on Meta’s “Pay or Okay” model. Not only will that affect how platforms choose to interact with Europe going forward, it could have unpredictable impacts on how organizations choose to comply with other data privacy regulations globally.
Best,
Arlo
On the 12 April edition of The New York Times’ “Hard Fork” podcast, the International Association of Privacy Professionals’ (IAPP’s) President and CEO, J. Trevor Hughes, spoke on the key provisions of the proposed American Privacy Rights Act (APRA) as well as the dwindling sources of training data available for AI developers.
On Wednesday, U.S. House lawmakers discussed a variety of proposed data privacy bills during a hearing in the Energy and Commerce subcommittee on innovation, data, and commerce—notably including the American Privacy Rights Act (APRA). Lawmakers also touched on children’s online safety proposals like the Kids Online Safety Act, which recently got a House companion to the popular Senate bill, and COPPA 2.0, which would update a long-standing online privacy bill for children and raise the age for its protections.
Nearly two dozen civil society groups and nonprofits have written an open letter to the European Data Protection Board (EDPB), urging it not to endorse a strategy used by Meta that they say is intended to bypass the EU’s privacy protections for commercial gain. The letter comes ahead of a meeting of the EDPB this week that is expected to produce guidance on a controversial tactic used by Meta that forces Facebook and Instagram users to consent to its tracking.
The UK Information Commissioner’s Office (ICO) recently released a statement setting out its strategy for the next phase of implementing its children’s code of practice (also known as the AADC). The ICO will look at social media platforms’ default settings for children’s profiles, recommender systems, and how they obtain consent to the processing of children’s data. The statement also indicates that the ICO will conduct audits of EdTech providers to identify privacy risks and potential noncompliance with applicable legislation.
Need to clarify why data privacy matters for AI? Our post, written by Osano Head of Privacy Rachael Ormiston, illustrates why and how AI intersects with multiple domains, including data privacy.