Ch-Ch-Ch-Changes
Published: June 6, 2024
Hello all, and happy Thursday!
For those of you who have been in the privacy game for the past few years, you may recall how difficult it’s been to keep EU-U.S. data transfers compliant with the GDPR. First, there were the Safe Harbor Principles (ruled invalid by the European Court of Justice), then the Privacy Shield (also ruled invalid), and now there’s the Data Privacy Framework (still valid... for now).
It’s tempting to say that the reason for all of this back and forth is Max Schrems and his data privacy non-profit noyb (or “none of your business”). It’s true that Schrems is responsible for bringing forward the complaints that led to the downfall of the Safe Harbor Principles and Privacy Shield, and he’s established that he intends to challenge the Data Privacy Framework too.
But the real reason why these mechanisms have failed relates to one of our stories this week: the recent renewal of section 702 of the Foreign Intelligence Surveillance Act (FISA). Section 702 serves as the basis for all sorts of surveillance programs. This includes PRISM, which lay at the center of Edward Snowden’s revelations.
Section 702 gives the U.S. intelligence community the power to demand that U.S. tech companies hand over non-U.S. citizens’ data upon request, sidestepping any kind of judicial review. Fundamentally, this clashes with the GDPR—EU citizens’ data is supposed to be protected from these kinds of secret transfers, even if (or especially if) the recipient is a government agency.
So, Max Schrems may have been the instigator, but he’s not the ultimate reason why these data transfer mechanisms failed. The current Data Privacy Framework at least provides some means of redressing EU citizens’ complaints when their data is accessed by U.S. intelligence agencies, but it hardly addresses this fundamental clash between privacy and surveillance.
In a time when everyone’s attention is monopolized by AI, state data privacy laws, and even a potential U.S. federal data privacy law, it’s worthwhile to recall just how uncertain the future of EU-U.S. data transfers may be.
Best,
Arlo
P.S. Speaking of AI, (you didn’t think I wasn’t going to mention AI, did you?) episode 2 of the Privacy Insider podcast is out! You can listen here, or scroll down to the bottom of this newsletter.
Hundreds of thousands of European schoolchildren are likely being tracked by Microsoft education software widely deployed in schools across the continent, according to the data privacy advocacy group NOYB (“None of Your Business”). NOYB has asked data protection authorities to investigate what data is processed by Microsoft 365 Education as it claims that the software violates transparency provisions of the General Data Protection Regulation (GDPR).
Article 82(1) of the GDPR provides individuals who suffer material or non-material damage as a result of an infringement of the GDPR with the right to receive compensation from the controller or processor for the damage suffered. But many questions about what constitutes non-material damage abound. Here’s how Irish courts have been handling this issue.
The American Privacy Rights Act was announced 7 April 2024 by a bicameral and bipartisan group of congress members. The proposal aims to give Americans enforceable data privacy rights and eliminate the patchwork of comprehensive state privacy laws. This IAPP cheat sheet provides an overview of the discussion draft of the APRA as published on 21 May 2024.
Texas Attorney General Ken Paxton launched a major data privacy and security initiative Tuesday, establishing a team that will focus on enforcing Texas privacy laws. Specifically, the team will be investigating companies that illegally collect and sell consumer data.
The recent renewal of section 702 of the 1978 Foreign Intelligence Surveillance Act (FISA) by President Biden means that intelligence agencies may collect the data of non-Americans interacting with American companies, such as Microsoft, Amazon, and Google. This includes European citizens, even though they are protected by the GDPR, which has sparked criticism from data privacy advocates.
In this episode of The Privacy Insider Podcast, host Arlo Gilbert and Katharine Tomko, partner at First Ascent Ventures, dive into AI, how it is changing the data privacy landscape, and how its growth presents new challenges for privacy teams and individuals. Listen to the episode with the link below!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005, Arlo invented voice commerce; he has testified before Congress on technology issues and is a frequent speaker on data privacy rights.