Platform
- The Osano Platform Overview
  
  Get an overview of the simple, all-in-one data privacy platform
- Features & Integrations
  
  Key Features & Integrations
Solutions
- By Regulation
- CPRA
  
  Discover how Osano supports CPRA compliance
- CCPA
  
  Learn about the CCPA and how Osano can help
- GDPR
  
  Achieve compliance with one of the world’s most comprehensive data privacy laws
- By Role
- For Non-Privacy Experts
  
  Simple and robust compliance for marketers, IT, product, developers, and more
- For Legal & Compliance
  
  Bridge the gap from regulatory knowledge to privacy operations with smart automation
- For GRC, Risk & Security
  
  Manage the full spectrum of risk—privacy included
- By Use Case
- Consent Management
  
  Manage consent without the complexity
- DSAR Automation
  
  Never miss a DSAR deadline again
- Privacy Program Management
  
  Build and grow an end-to-end privacy program
- Vendor Risk Management
  
  Regain insight and control over your customers’ data
Resources
- Resources
  
  Key resources on all things data privacy
- Articles
  
  Expert insights on all things privacy
- Resource Center
  
  Key resources to further your data privacy education
- Customer Stories
  
  Meet some of the 5,000+ leaders using Osano to transform their privacy programs
- U.S. Data Privacy Laws
  
  A guide to data privacy in the U.S.
- Product Updates
  
  What's the latest from Osano?
- Become a Privacy Insider
  
  Data privacy is complex but you're not alone
- The Newsletter
  
  Join our weekly newsletter with over 35,000 subscribers
- The Podcast
  
  Global experts share insights and compelling personal stories about the critical importance of data privacy
- The Book
  
  Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
- Events
  
  Upcoming webinars and in-person events designed for privacy professionals
Latest Blog post

Steps to Take in Response to 23andMe Bankruptcy Filing

Hello all, and happy Thursday!
Read Now
Company
- About Us
  
  The Osano story
- Careers
  
  Become an Osanian and help us build the future of privacy!
- Contact
  
  We’re eager to hear from you
- Our Pledge
  
  No fines, no penalties
- Data Licensing
  
  Add Osano data privacy ratings and recommendations to your application
- Osano Swag Store
  
  Increase Trust. Stay Compliant. Get Cool Swag.
- Press & Media
  
  Inquiries and Osano in the news
- Partners & Resellers
  
  Interested in partnering with us?
Pricing
Sign In Book a Demo

Privacy Violations Without a Privacy Law

Arlo Gilbert

Published: March 20, 2025

Hello all, and happy Thursday!

Plenty of states in the US have a data privacy law, but there are plenty that don’t, too. Some businesses in states without a comprehensive privacy law might not feel all that concerned about data privacy compliance.

The key word to focus on here is “comprehensive”—not every state has a comprehensive data privacy law, but all of them have a consumer protection law with privacy-adjacent requirements.

Case in point: the New York Attorney General just settled with an app developer for a little north of half a million dollars over privacy violations. New York doesn’t have a comprehensive privacy law in place, but Saturn, a small business that developed a social media app intended exclusively for high schoolers, still ran afoul of state law due to its privacy practices. Specifically, Saturn did not verify users’ school email and age, allowing non-high schoolers to interact on the app.

It’s also notable that Saturn is a small business—large businesses might get the seven or eight figure fines that make headlines, but this can create the illusion that regulators only care about enterprises and privacy violations.

The bottom line is that if you handle consumers’ data (that’s every business out there), then data privacy is a factor you need to consider.

Best,

Arlo

P.S. We heard about an opening for a data privacy professional at a great company and thought we might as well give it a shout: Columbia Sportswear is hiring a Director of Global Privacy! If you’re passionate about privacy (and stylish outerwear), why not apply?

Highlights from Osano

What's New

Video: March’s Ask a Privacy Pro Series

Check out what questions Osano’s privacy experts fielded in the last month in our latest Ask a Privacy Pro video! This month, we touch on Amazon’s My Health, My Data suit; whether you need a “reject all” button on your banner; and more.

Watch now

Blog: How Osano Does DSARs

We’re subject to privacy laws too! That means we need to operationalize compliance, just like any other business. If you want to steal all our secrets and build an efficient subject rights request workflow at your organization, check out this blog.

On-Demand Webinar: Weathering the 2025 Whirlwind: How to Keep Calm and Carry On

Miss our recent webinar on all the new data privacy law updates in 2025? Don’t worry. You can access the recording free and on-demand here.

Watch now

Upcoming Webinars and Events...

A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow

Whether you are swamped by a deluge of subject rights requests or just want more time to spend on strategic work, managing SRRs effectively is a highly sought-after goal—one that's seldom achieved. In this webinar, Osano’s Senior Product Manager Chris Simpson and Lead Implementation Manager Christie Roy will show you the best (and worst) approaches to handling your SRR workflow.

Save your seat | March 27th

The Privacy Pro Survival Summit 2: This Time It’s Personal

In our second Privacy Pro Survival Summit, we’re putting the personal in personal data and showcasing a suite of thought leaders and experts from privacy, security, GRC, and related experts. Learn, connect with your peers, and maybe have a little fun along the way!

Save your seat | April 10th

Why Privacy Should Be the Marketing Industry Nonnegotiable in 2025

2025 is shaping up to be an inflection point for consumers, privacy professionals, and marketers alike. What’s driving this new consumer awareness of data privacy, and how should marketers adjust their strategy in light of it?

NY AG Settles with App Developer for $650k Over Failing to Protect Young Users’ Privacy

New York Attorney General Letitia James recently announced a settlement with Saturn Technologies, a developer of an app called Saturn used by high school students, for failing to protect young users’ privacy. Saturn failed to verify users’ school email and age to ensure they were high school students and allowed users from different high schools to interact with each other. As a result, Saturn Technologies must pay $650,000 in penalties and significantly change its practices to protect users.

CJEU Rules on Right of Rectification of Gender Identity

The Court of Justice of the EU (CJEU) recently ruled that the right of rectification (in Article 16 GDPR) requires a national authority to correct a person’s gender identity, where it is shown to be inaccurate. The authority, however, may require that person to provide relevant and sufficient evidence to establish that the information concerning their gender is inaccurate, but may not go so far as to require proof of gender reassignment surgery.

U.S. Senate Introduces Genomic Data Protection Act

Senators Bill Cassidy (R-LA) and Gary Peters (D-MI) introduced the federal Genomic Data Protection Act (GDPA). The Senators introduced the same bill at the end of last year, but the bill stagnated, and Congress adjourned soon after. While the GDPA bears some resemblance to state direct-to-consumer genetic privacy laws, the bill has certain unique features, such as applying to companies that purchase data from direct-to-consumer genomic testing companies and requiring that a direct-to-consumer genomic testing company provide notice to consumers if the company is purchased or otherwise acquired.

The Clash Between the UK Gov and Apple Over iPhone Encryption Is Making Waves

Privacy advocates worry that a change in an iPhone security feature in the United Kingdom, and the ongoing battle between Apple and the UK government, could have worldwide ripple effects. Earlier this year, the UK demanded, under the Investigatory Powers Act, that Apple create a backdoor to allow the government to access encrypted data on people's phones. But instead of making a backdoor, Apple burned the whole house down in the UK market, pulling the data protection tool, to avoid having to comply.

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page!

Schedule a demo of Osano today

Arlo Gilbert

Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.

Blog

Check out some of our latest articles

Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.

View All Blog Posts View All Resources

Simplify Data Privacy Compliance

With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.

Book a Demo Get Started

The Osano Platform Overview

Cookie Consent

Subject Rights Management

Assessments

Unified Consent & Preference Hub

Data Mapping

Vendor Privacy Risk Management

Features & Integrations

TrustHub

Privacy Templates

GDPR Representative

Consult Privacy Team

Regulatory Guidance

Integrations

CPRA

CCPA

GDPR

For Non-Privacy Experts

For Legal & Compliance

For GRC, Risk & Security

Consent Management

DSAR Automation

Privacy Program Management

Vendor Risk Management

Articles

Resource Center

Customer Stories

U.S. Data Privacy Laws

Product Updates

The Newsletter

The Podcast

The Book

Events

Steps to Take in Response to 23andMe Bankruptcy Filing

About Us

Careers

Contact

Our Pledge

Data Licensing

Osano Swag Store

Press & Media

Partners & Resellers

Privacy Violations Without a Privacy Law

Arlo Gilbert

In this article

Sign up for our newsletter

Share this article

Highlights from Osano

What's New

Video: March’s Ask a Privacy Pro Series

Blog: How Osano Does DSARs

In Case You Missed It...

On-Demand Webinar: Weathering the 2025 Whirlwind: How to Keep Calm and Carry On

Upcoming Webinars and Events...

A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow

The Privacy Pro Survival Summit 2: This Time It’s Personal

Top Privacy Stories of the Week

Why Privacy Should Be the Marketing Industry Nonnegotiable in 2025

NY AG Settles with App Developer for $650k Over Failing to Protect Young Users’ Privacy

CJEU Rules on Right of Rectification of Gender Identity

U.S. Senate Introduces Genomic Data Protection Act

The Clash Between the UK Gov and Apple Over iPhone Encryption Is Making Waves

Like what you hear from the Privacy Insider newsletter?

🎙️The Privacy Insider Podcast

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

Arlo Gilbert

Arlo Gilbert

Share this article

Blog

Check out some of our latest articles

Steps to Take in Response to 23andMe Bankruptcy Filing

Privacy Violations Without a Privacy Law

California Penalizes Honda for Dark Patterns

Simplify Data Privacy Compliance