.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Ch-Ch-Ch-Changes
Hello all, and thanks for reading today.
Read Now
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
With the Privacy Act of 1988, Australia was among the first countries to implement data privacy legislation in the world. But it should come as no surprise that legislation from 1988 is a bit outdated.
Over the years, the Privacy Act has received a few updates here and there, but it’s been consistently behind relative to more comprehensive data privacy regulations like the GDPR. After a recent review, the Australian government has introduced a new piece of legislation that will update the Privacy Act to bring it in line with modern data privacy regulations.
The draft bill isn’t perfect and still doesn’t match many of the protections provided by EU or US laws, but it’s a start. Notably, the act introduces:
- A tort for serious invasions of privacy
- A children's privacy code applying to social media and internet services
- Tiered sanctions for data breaches
- Requirements to include details of automated decision-making in privacy policies
- Data breach declarations
- Equivalency standards for overseas transfers
- Criminal offense for doxxing
However, the bill has only just been introduced in the Australian legislative process (which, candidly, I am not an expert on). It’s likely to go through additional changes, but if it passes, it’ll go a long way toward providing Australians with much-needed, modern privacy protections!
Best,
Arlo
.png?width=800&height=400&name=Osano%2BVanta-1024x512%20(1).png)
Highlights from Osano
New This Week
Announcing Osano & Vanta’s New Partnership!
We’re pleased to announce a new partnership between Osano and the Vanta trust management platform!
In Case You Missed It...
The Privacy Insider Podcast, Episode 6: David, Goliath, and Data Privacy Part I: Max Schrems
Hear from renowned Austrian privacy activist Max Schrems, as he chats with Arlo Gilbert about noyb and privacy rights.
When AI meets PI: Assessing and Governing AI from a Privacy Perspective
How can privacy teams be proactive in AI governance? Find out by watching the on-demand webinar.
Upcoming Webinars and Events
Join us at Privacy. Security. Risk. 2024 for the O-Mazing Race
Win prizes at Booth #334 at this year’s P.S.R. conference!
September 22nd-24th | Grab a time to meet us
[Webinar] Why Privacy Is Your Secret Weapon against Third-party Risk
October 8th | Save your seat
The Privacy Pro Survival Summit
Join us for a one-day, virtual event designed to help privacy professionals survive and thrive in the world of data privacy.
October 22nd | Save your seat
Top Privacy Stories of the Week
Instagram Rolls Out Teen Accounts with Privacy, Parental Controls as Scrutiny Mounts
Meta Platforms is rolling out enhanced privacy and parental controls for Instagram accounts of users under 18 in a significant overhaul aimed at addressing growing concerns around the negative effects of social media. Meta will port all designated Instagram accounts automatically to "Teen Accounts,” which will be private accounts by default, the company said on Tuesday. The changes are in part a response to the US Senate’s advancement of the Kids Online Safety Act and the Children and Teens' Online Privacy Protection Act.
Australia: Long Awaited Australian Privacy Reform Comes to Fruition
The Australian Government has published a draft bill showing potential reforms in the Australian Privacy Act. Among other changes, the draft bill will introduce a tort for serious invasions of privacy, establish a children’s privacy code, require data breach declarations, and create tiered sanctions for data breaches.
23andme Settles Data Breach Lawsuit for $30 Million
23andMe will pay $30 million and provide three years of security monitoring to settle a lawsuit accusing the genetics testing company of failing to protect the privacy of 6.9 million customers whose personal information was exposed in a data breach last year. The accord also resolves accusations that 23andMe did not tell customers with Chinese and Ashkenazi Jewish ancestry that the hacker appeared to have specifically targeted them and posted their information for sale on the dark web.
Your Data Act Queries Answered: The European Commission Publishes FAQs
The Data Act establishes horizontal rules for accessing and sharing data from internet-of-things (IoT) products and related services across the EU’s data market. Since the Data Act interacts with the GDPR in many ways, the EU Commission recently published a list of FAQs that explain how the Data Act, GDPR, and other EU legislation intersect.
California Privacy Protection Agency (CPPA) to Businesses: Avoid Dark Patterns
On September 4, 2024, the California Privacy Protection Agency (CPPA) issued an Enforcement Advisory on the importance of avoiding dark patterns. The Enforcement Advisory highlights the CPPA’s focus on ensuring consumer autonomy and choice by advising businesses to “review and assess their user interfaces to ensure that they are offering symmetrical choices and using language that is easy for consumers to understand when offering privacy choices.”
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!