AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: March 23, 2021
Welcome to Privacy Insider newsletter, a round-up of the week's most important privacy news.
When lawmakers can finally boast that they've completed the ePrivacy Regulation, it will be a big deal. It will update a now 20-year-old law, the ePrivacy Directive, and keep electronic communications protected. Updating the Directive means it will apply to telecommunications and internet companies that the law currently covers, but also other technology services such as web-based email and social media messaging services
Of note: A regulation updating what can and can't be done with electronic data is not something that thrills the ad tech industry, for one.
I have to admit that I frequently roll my eyes when the ePrivacy Regulation comes up in conversation. It's sort of akin to the U.S. talking about a federal privacy law. Though a direct comparison wouldn't be accurate, both have struggled legislatively to gain enough traction to become real-life laws. While the European Commission adopted a proposal in 2017, progress has stalled throughout several leadership changeovers (the Council of the European Union rotates member-state presidencies every six months). It's stalled for four straight years under nine different presidencies, despite promises from each that they'd be the country to get it done.
Now, Portugal holds the presidency and has reportedly made substantial efforts to jumpstart negotiations again. For the draft to become final, it must go through the "Trilogue" process, negotiations between the European Commission, the European Parliament and the Council.
While European politicians and onlookers alike were thrilled when, on Feb. 10 of this year, the European Council found agreement on the text and moved it along to negotiations with the European Parliament, it doesn't mean the draft is signed, sealed, delivered.
Margrethe Vestager, executive vice president of the European Commission, said this week she's worried that the Regulation as drafted doesn't align with the EU General Data Protection Regulation as intended.
So, while things are looking up, and even Vestager admits that "things are finally happening and moving forward," there's a whole lot to negotiate — like data retention requirements and rules on processing metadata — before compliance planning can begin.
Enjoy reading, and I'll see you next week!
Coalition calls for a ban on 'surveillance advertising'
A group of nearly 40 organizations has called for a ban on "surveillance advertising," TechCrunch reports. In an open letter, the organizations write, "Social media giants are eroding our consensus reality and threatening public safety in service of a toxic, extractive business model. That's why we're joining forces in an effort to ban surveillance advertising." The groups include privacy, antitrust, consumer protection and civil rights groups.
Read Story
2. California appoints five privacy experts to inaugural privacy enforcement agency
On March 18, California government officials announced the five experts in privacy and technology to lead the administrative agency responsible for enforcing California's privacy law. Five experts in privacy, technology and consumer rights will staff the Consumer Privacy Protection Board, Lake County News reports. The California Privacy Rights Act (CPRA) established the board's existence. The CPRA passed the ballot in 2020 and will supplant the California Consumer Privacy Act.
Read Story
3. EU Commissioner: Current ePrivacy proposal needs work
The executive vice president of the European Commission said she has reservations about the Portugal presidency's bid to push the ePrivacy Regulation forward. The regulation has been in limbo for years, though it was meant to pass at the same time as the EU General Data Privacy Regulation (GDPR) in 2018. Margrethe Vestager said Portugal's proposal, which the European Council approved, doesn't align with the GDPR's rules as intended. "They are not supposed to play the same role, but they should be aligned, and we will work on that issue," Vestager said.
Read Story
4. Privacy commissioner wants more protections in data-sharing bill
The Australian privacy commissioner has called for additional privacy protections in a proposed law to facilitate government data sharing. The commissioner's office said the Data Availability and Transparency Bill must contain other safeguards and has asked that it incorporate the same definitions as those in the country's Privacy Act. Digital Rights Watch also has problems with the draft text, citing it would make it easier for government agencies to share individuals' personal data among themselves and accredited third parties.
Read Story
5. Advertisers unclear on what to expect from Google in a post-third-party cookie world
Google's Privacy Sandbox and its plans to replace third-party cookies in the coming year are causing some confusion. It's not entirely clear what advertisers can do with their first-party data once Chrome makes the change. "I think the issue is people refer to the Google Privacy Sandbox as one thing when it's really a collection of many potential solutions," said one stakeholder. Digiday reports on what we know so far.
Read Story
6. NIST wants feedback on new BYOD privacy and security guide
The National Institute of Standards and Technology (NIST) has released draft guidance for enterprise bring-your-own-device policies, Health IT Security reports. The guidance aims to "provide system administrators with a standards-based approach" to employee mobile devices that might contain company data. NIST has asked stakeholders for feedback on the guidance by May 3.
Read Story
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.