Ch-Ch-Ch-Changes
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: March 30, 2021
Welcome to Privacy Insider newsletter, a round-up of the week's most important privacy news.
If you're following U.S. states' race to pass privacy laws, there's been movement on three bills that are worth your attention.
In Washington state, the House Committee on Civil Rights & Judiciary passed the Washington Privacy Act (WPA). The bill, which includes a private right of action as a consumer remedy, will be passed on to the appropriation committee. This is significant because it was a private right of action that killed the WPA in its last push for passage. But, as David Stauss writes for JDSupra, this private right of action is more narrow than the previous, increasing the bill's chances for survival.
Washington is keen to get a privacy law on the books (finally) after two failed attempts and a process that began in 2019. Many expected the state to be the next to pass a privacy law after California -- until Virginia swooped in and passed its own.
Second: Oklahoma's House of Representatives passed the Oklahoma Computer Data Privacy Act on March 4. The bill looks a lot like California's Consumer Privacy Act (CCPA), but unlike the CCPA, it would require consumers' opt-in consent before businesses could collect, use or sell their personal information. However, the bill does not allow consumers to pursue a private right of action in its current form. Obviously, industry hates the opt-in consent provisions and loves that the legislation doesn't allow for private lawsuits. And for privacy advocates, the reverse is true.
Lastly, pay attention to Colorado. On March 19, lawmakers introduced the Colorado Privacy Act. The bill would allow consumers to opt-out of businesses' processing of their personal data, unlike Oklahoma's opt-in model. It also includes rights on data access, correction and deletion.
Enjoy reading, and I'll see you next week!
EU Commission reaches draft agreement with South Korea on data flows
The European Commission says it has reached a draft agreement with South Korea on the free flow of data between the two countries, Reuters reports. The agreement, which must now be approved by European Parliament and the European Data Protection Board, follows four years of negotiations. "The European Commission will now proceed with launching the decision-making procedure with a view to having the adequacy decision adopted as soon as possible in the coming months," said a spokesperson for the commission.
Read Story
EU Commission vice president: We’ll intervene if DPAs can’t get along
Following criticism about the length of time it’s taking the Irish data protection commissioner to resolve investigations of big tech companies like Facebook and Apple, one EU commissioner said the “public squabbles” have to stop. European Commission Vice President Vera Jourova said if data protection authorities can’t “focus on the issues and improve their cooperation,” the EU would “have to consider an intervention probably in the direction of a more centralized model.”
Read Story
Industry pushes for ‘vaccine passports,’ but what about privacy risks?
While the tourism and entertainment industries push for a COVID-19 “vaccine passport” to allow those vaccinated to travel more freely, the sensitive health data it would involve is raising privacy concerns, CNBC reports. Singapore Airlines is piloting a “travel pass” the International Air Transport Association launched that incorporates blockchain as a safeguard. The data is stored on a person’s cell phone and not in a centralized database. The EU Commission says its own proposed plan would involve “essential information” only.
Read Story
Need to data map? Here’s how to get started
Data mapping sounds kind of dreadful, doesn’t it? Overwhelming at least. When you imagine the trails of data stretching for virtual miles at even small companies, mapping where it all leads can feel like an arduous task. And to be honest, it is. This how-to guide aims to inform you of the process, who to involve and what to expect.
Read Story
Advertisers scrambling for personal data in response to third-party cookie phase-out
When Google announced it would phase-out third-party cookies, it looked like a win for the privacy advocates who’ve been calling the tracking technology a privacy invasion for years. But in response, advertisers and other organizations are finding ways to create what they say is technically “first-party data,” to fuel the ad tech supply chain, Digiday reports. In addition, because the end of third-party cookies is near, there’s been a big push to collect as much first-party data as possible to compensate for the impending loss.
Read Story
UK rethinks COVID-19 contract with Palantir
The U.K. government has paused an agreement with data-mining company Palantir after first signing an emergency contract with the firm in December 2020 to help fight COVID-19. Civil liberties organization OpenDemocracy filed legal proceedings against the two-year contract, which would have given Palantir access to the NHS COVID-19 database. The NHS has now agreed to conduct a data protection impact assessment ahead of any new contract, ComputerWeekly reports.
Read Story
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.