AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: January 25, 2024
Hello all, and happy Thursday!
Until the U.S. government passes a federal data privacy law, I expect I’ll have to write several more newsletter introductions like this one:
Two more U.S. states have passed their own data privacy laws!
New Jersey and New Hampshire have become the 13th and 14th states to pass their own privacy laws, although New Hampshire’s law has yet to officially receive the governor’s signature as of this writing. With that, we’re welcoming the NJDPA and SB 225 to the family (once New Hampshire’s law is enacted I’m sure they’ll give it a snappier name like the NHCPA or NHPIA or something along those lines).
We’ve included links to write-ups on both laws in this week’s newsletter, but keep an eye out for our own Osano summaries in the near future. And for those of you wondering why we’re calling these the 13th and 14th state laws respectively rather than the 14th and the 15th—Florida’s data privacy law is targeted to very large enterprises only, so it’s something of a different beast compared to the other state privacy laws. For that reason, we and others typically exclude it from the count of comprehensive state data privacy laws.
Stay tuned!
Arlo
P.S. Have you reserved your seat for our upcoming webinar on CPRA enforcement? The CPRA is finally fully enforceable as of March 29, 2024, so we’re hosting a webinar to clear up any lingering uncertainties around your compliance responsibilities. The webinar takes place next week, Thursday, February 1st @ 1 pm EST, 10 am PST. Reserve your seat here!
Recently, the New Hampshire state legislature passed Senate Bill 255, nearly making the state the 14th to enact a comprehensive data privacy law. The bill still requires enrollment and action thereafter from Gov. Chris Sununu. Following enactment, SB 255 will take effect 1 Jan. 2025.
On January 16, 2024, Governor Phil Murphy signed into law Bill 332, making New Jersey the 13th state with a comprehensive state privacy law. The law is set to take effect in January 2025. Hunton Privacy Blog provides more details on the new law.
Despite longstanding concerns over privacy and civil rights, a new agreement may soon give EU police access to personal data from U.S.-based digital platforms. Currently, EU police must go through U.S. authorities to gain digital information from these platforms under a 2010 mutual legal assistance treaty, but law enforcement agencies have complained that the process takes too long (~10 months on average). The new deal would rapidly expedite this process, but privacy advocates worry that some European countries with a poor track record on the rule of law could misuse the new powers in ways that limit freedom of speech or political opinion.
France's data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), recently fined Amazon France Logistique 32 million euros for allegedly over-surveilling its warehouse employees and keeping data of their actions for longer than was deemed necessary. In a statement to the BBC, the company said CNIL's findings were "factually incorrect" and that its practices are part of an "industry standard.”
The Global Privacy Enforcement Network will conduct an investigation of websites with deceptive design models, or so-called dark patterns. The sites will be judged based on the clarity of their texts and the design of their interfaces to see if they are influencing users to make harmful choices with their personal data. (Source in Italian).
What exactly is a “dark pattern” anyhow? How do you know whether you’ve accidentally committed an act of deceptive design? In this blog, we discuss nine, evidence-based dark patterns that are especially relevant when it comes to data privacy and consent.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.