In this article

Sign up for our newsletter

Share this article

Hello all, and happy Thursday! 

And a happy fourth quarter as well! In privacy land, that means it’s time to start thinking about the data privacy laws that will soon go into effect. Or, in Montana’s case, the laws that have already gone into effect. As of October 1, the MTCDPA is live. If you’re hazy on the MTCDPA’s details, our blog post can serve as a refresher. 

While Montana may be the most recent data privacy law to switch on, the new year will bring a slew of new privacy laws to contend with, including: 

  • The Delaware Personal Data Privacy Act (DPDPA; January 1) 
  • The Iowa Consumer Data Protection Act (ICDPA; January 1) 
  • The Nebraska Data Privacy Act (NDPA; 1 January) 
  • The New Hampshire Data Privacy Act (NHDPA; January 1) 
  • The New Jersey Data Privacy Act (NJDPA; January 15) 
  • The Tennesse Information Protection Act (TIPA; July 1) 
  • The Minnesota Consumer Data Privacy Act (MCDPA; July 31) 
  • The Maryland Online Data Protection Act (MODPA; October 1) 

Whew! Eight whole new data privacy laws to contend with in 2025.  

We have articles on each of these laws on the Osano website, but I don’t want to bombard you with links. We do provide an overview of each of the enacted US data privacy laws here, however. And of course, don’t hesitate to get in touch if you want to discuss what 2025’s data privacy laws might mean for you. 

Best, 

Arlo 

P.S. The second half of my conversation with Max Schrems is live! I had such a good time chatting with everyones favorite privacy advocate that I wanted to make sure you didnt miss it. 

1200x627-secret-weapon

Highlights from Osano

New This Week

Podcast: David, Goliath, and Data Privacy Part II: Max Schrems 

Listen to Part II of our podcast with noyb founder Max Schrems! 

Listen here 

In Case You Missed It...

Press Release: Osano Makes Privacy Simpler by Improving Insight, Visibility, and Operational Efficiency for Customers 

Learn all about Osano’s new advanced capabilities in our press release! 

Read more 

Upcoming Webinars and Events

Why Privacy Is Your Secret Weapon Against Third-party Risk 

October 8th | Save your seat 

The Privacy Pro Survival Summit 

Join us for a one-day, virtual event designed to help privacy professionals survive and thrive in the world of data privacy. 

October 22nd | Save your seat 


Top Privacy Stories of the Week

California Governor Vetoes AI Safety Bill Aimed at Big Tech Players 

California Gov. Gavin Newsom has vetoed SB-1047, a bill that would have imposed what some perceived as overly broad—and unrealistic—restrictions on developers of advanced artificial intelligence (AI) models. In doing so, Newsom likely disappointed many others—including leading AI researchers, the Center for AI Security (CAIS), and the Screen Actors Guild—who perceived the bill as establishing much-needed safety and privacy guardrails around AI model development and use. Read the article to hear from a surprise (albeit familiar) expert! 

Read more 

Federal Court Invalidates NYC Law Requiring Food Delivery Apps to Share Customer Data with Restaurants 

For a state that doesn't have a privacy law, New York City has been busy when it comes to privacy enforcement. In a recent decision, a federal district court has said that a law requiring food-delivery apps to share customer-specific data with restaurants violates the First Amendment, determining that the data sharing is not appropriately tailored to a substantial government interest. 

Read more 

Privacy Advocacy Group noyb Files Complaint Against Mozilla Firefox 

Thought of as one of the more pro-privacy browsers, Mozilla Firefox has drawn the attention of Max Schrems’s privacy advocacy group noyb (“none of your business”). In a recent update, Firefox released a “privacy feature” called Privacy Preserving Attribution that is enabled by default without users’ knowledge or consent. Schrems’s group asserts: “Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites.” 

Read more 

EU Court of Justice: Fines May Not Be Necessary Following Breaches if Appropriate Steps Taken 

The EU Court of Justice recently handed down a decision that regulators do not need to hand down a fine following a breach if the impacted organization has taken all appropriate steps, including implementing measures to end the breach and prevent a reoccurrence. Ultimately, the decision highlights the importance of acting swiftly following a breach. 

Read more 

Over A Hundred Companies Sign EU AI Pact Pledges to Drive Trustworthy and Safe AI Development 

The EU Commission announced that over a hundred companies have signed the EU AI Pact and its voluntary pledges, which entered into force on August 1, 2024. The signatories include organizations from a diverse set of industries and locales. The pact supports businesses voluntary commitments to start applying the principles of the AI Act ahead of its entry into application and enhances engagement between the EU AI Office and stakeholders. 

Read more 

Like what you hear from the Privacy Insider newsletter?

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page

Schedule a demo of Osano today
Share this article