Hello all, and happy Thursday!
And a happy fourth quarter as well! In privacy land, that means it’s time to start thinking about the data privacy laws that will soon go into effect. Or, in Montana’s case, the laws that have already gone into effect. As of October 1, the MTCDPA is live. If you’re hazy on the MTCDPA’s details, our blog post can serve as a refresher.
While Montana may be the most recent data privacy law to switch on, the new year will bring a slew of new privacy laws to contend with, including:
Whew! Eight whole new data privacy laws to contend with in 2025.
We have articles on each of these laws on the Osano website, but I don’t want to bombard you with links. We do provide an overview of each of the enacted US data privacy laws here, however. And of course, don’t hesitate to get in touch if you want to discuss what 2025’s data privacy laws might mean for you.
Best,
Arlo
P.S. The second half of my conversation with Max Schrems is live! I had such a good time chatting with everyone’s favorite privacy advocate that I wanted to make sure you didn’t miss it.
Listen to Part II of our podcast with noyb founder Max Schrems!
Learn all about Osano’s new advanced capabilities in our press release!
October 8th | Save your seat
Join us for a one-day, virtual event designed to help privacy professionals survive and thrive in the world of data privacy.
October 22nd | Save your seat
California Gov. Gavin Newsom has vetoed SB-1047, a bill that would have imposed what some perceived as overly broad—and unrealistic—restrictions on developers of advanced artificial intelligence (AI) models. In doing so, Newsom likely disappointed many others—including leading AI researchers, the Center for AI Security (CAIS), and the Screen Actors Guild—who perceived the bill as establishing much-needed safety and privacy guardrails around AI model development and use. Read the article to hear from a surprise (albeit familiar) expert!
For a state that doesn't have a privacy law, New York City has been busy when it comes to privacy enforcement. In a recent decision, a federal district court has said that a law requiring food-delivery apps to share customer-specific data with restaurants violates the First Amendment, determining that the data sharing is not appropriately tailored to a substantial government interest.
Thought of as one of the more pro-privacy browsers, Mozilla Firefox has drawn the attention of Max Schrems’s privacy advocacy group noyb (“none of your business”). In a recent update, Firefox released a “privacy feature” called Privacy Preserving Attribution that is enabled by default without users’ knowledge or consent. Schrems’s group asserts: “Contrary to its reassuring name, this technology allows Firefox to track user behavior on websites.”
The EU Court of Justice recently handed down a decision that regulators do not need to hand down a fine following a breach if the impacted organization has taken all appropriate steps, including implementing measures to end the breach and prevent a reoccurrence. Ultimately, the decision highlights the importance of acting swiftly following a breach.
The EU Commission announced that over a hundred companies have signed the EU AI Pact and its voluntary pledges, which entered into force on August 1, 2024. The signatories include organizations from a diverse set of industries and locales. The pact supports businesses voluntary commitments to start applying the principles of the AI Act ahead of its entry into application and enhances engagement between the EU AI Office and stakeholders.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!