Hello all, and happy Thursday!
This week, the Osano team is strategizing, relaxing, and bonding as a team during our annual offsite. Osanians from across the country have gathered in Washington, D.C., to take in the sights and history, enjoy great food and drink, and deepen our relationships with one another.
As avid readers of this newsletter will know, a common refrain of ours is that data privacy is constantly changing and evolving—the same can be said of the Osano team. We never stop growing, both as a team and as trusted partners in our customers’ data privacy compliance efforts.
This week is an opportunity for us to focus on those twin responsibilities in person and ensure we’re all rowing in the same direction. As we return to our regular working schedules after this team offsite, we look forward to supporting your privacy programs and compliance efforts to the fullest extent possible.
Best,
Arlo
The European Commission has announced it wishes to conduct collective risk assessments with EU member states focusing on a number of emerging technologies, including AI. Specifically, the Commission recommends conducting risk assessments on six AI technologies categories: high-performance computing, cloud and edge computing, data analytics, computer vision, language processing, and object recognition.
The Information Commissioner’s Office (ICO) has issued a preliminary enforcement notice against Snap (the developer of Snapchat) over a “potential failure to properly assess the privacy risks posed by its generative AI chatbot ‘My AI’.” The preliminary notice doesn’t necessarily mean enforcement is coming—Snap will have the opportunity to make its case, but it may be blocked in the UK if it fails to demonstrate an adequate risk assessment of its My AI chatbot.
International data transfer mechanisms between the EU and the U.S. have always been tenuous—the Data Privacy Framework (DPF) is the third such mechanism, and like its predecessors, is facing numerous legal challenges. Currently, the DPF is facing challenges from both French MEP Phillippe Latombe and Max Schrems’s NOYB (“None of Your Business,” a privacy rights advocacy group).
Meta is attempting to walk the line between ethical AI data scraping and invasive privacy practices with its new AI assistant. According to Meta President of Global Affairs Nick Clegg, Meta did not use private chats on its messaging services as training data for the model and took steps to filter private details from public datasets used for training. "We've tried to exclude datasets that have a heavy preponderance of personal information," Clegg said, adding that the "vast majority" of the data used by Meta for training was publicly available.
This year, Texas Governor Greg Abbot signed the Texas Data Privacy and Security Act (TDPSA) into law, bringing the Lone Star state into the fold of U.S. states with a comprehensive data privacy law aimed at protecting consumers. Learn everything you need to know to get up to speed with this U.S. data privacy law.
If you’re interested in working at Osano, check out our Careers page!