ADMT & Employment
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: April 20, 2021
Welcome to Privacy Insider, a round-up of the week's most important stories.
Last week, I wrote to you about the class-action settlement between private citizens and companies, including Disney, Viacom and Comcast. The companies and some of their partners got in trouble for tracking kids online and collecting their data without consent. It's not a story that a ton of my "privacy friends" are tweeting. But it seems like a huge deal. Even the New York Times said the settlements could "reshape the children's app market." So I've been thinking about why it's not making a bigger splash.
Looking at it from my tiny bubble, I realize I've always ignored children's privacy issues. After all, I don't have any kids. And I don't have any big plans to have any soon. (After all, taking a husband is hard enough. When you cast a global pandemic on the dating scene, finding a partner becomes a project for another year.)
But I've always loved the Ghandi quote, "The true measure of any society can be found in how it treats its most vulnerable members." I think I wasn't attracted to children's privacy issues because it seemed they didn't apply to me. It was someone else's battle to fight for the sake of their offspring. But that's not true.
The way children are cared for and protected by a company says a lot about not only its values but also the competitive ecosystem they're operating within. When sites or apps surreptitiously track children, they're often doing so because they can get away with it. And if it's a well-known secret that many of their peers are too, it doesn't seem so naughty. But that illustrates decision-making based not on respect for the customer but this grab-all-the-data-you-can frenzy. We've all heard the expression "data is the new oil," and getting a hold of children's data doesn't take much digging if you're thwarting parental consent and following them around the web because your software happens to allow it.
If we care about profit more than we care about protecting some of the most vulnerable — the little kids with their runny-noses and pigtails and incessant questions — how do you think these companies view their duties to you and me? We're way less cute. And we've got credit card data on our persons.
For more on why the settlements could significantly impact the adtech ecosystem, see my new feature below. It was a super fun story to write.
Enjoy reading, and I'll see you next week!
In a leaked draft that made the rounds on Twitter last week, the EU indicated plans to ban artificial intelligence (AI) for specific uses, The Verge reports. The draft suggests the EU aims to forbid AI-deployment for the purposes of mass surveillance and social credit scores. The regulations also indicate member states would be required to set up “assessment boards” to test “high-risk AI systems.” Companies that illegally develop or sell prohibited AI technology could face fines up to 4% of their global revenue, the report states.
Read Story
2. Irish privacy regulator investigating Facebook breach affecting 533 million
The Irish Data Protection Commissioner has launched an investigation into Facebook’s data breach, reported earlier this month. The breach affected some 533 million users globally. The DPC said in a statement that based on information Facebook Ireland provided, the regulator is “of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data.” Facebook said it’s fully cooperating with the investigation.
Read Story
3. Settlement indicates SDKs are on the hook for privacy
April 13, a California judge approved settlements in three separate class-action lawsuits involving Disney, Viacom, Comcast and several adtech firms. The settlement doesn’t include monetary relief, but it does require the companies to make changes to their databases and processes to prevent them from collecting children’s data without parental consent or tracking children online. Some say the settlement will impact the entire adtech ecosystem.
Read Story
4. EU, US officials getting serious on Privacy Shield replacement
As companies eagerly await a new proposal, EU and U.S. officials are “intensifying negotiations” on a cross-border data flow framework, CNBC reports. The European Court of Justice invalidated the Privacy Shield agreement in 2020 in what’s referred to as the Schrems II judgment. Privacy Shield replaced the Safe Harbor agreement, which the court also struck down. Neither mechanism protected Europeans from mass surveillance, the court reasoned.
Read Story
5. Florida aims to join Virginia, California in passing state privacy law
Despite pushback from industry, privacy bills in the Florida House and Senate will see final votes this week. Businesses are unhappy with the House bill in question (HB 1734) because it would allow private citizens to sue them for data privacy violations, the Herald-Tribune reports. But the bill’s sponsor says the time has come to regulate given that, “We all sort of feel uncomfortable about the role technology has in our lives without us knowing what’s going on.”
Read Story
6. Perhaps the most misunderstood privacy law: HIPAA
In an explainer, Vox discusses one of the most commonly misunderstood and misspelled information privacy laws: HIPAA. While the Health Insurance Portability and Accountability Act does include privacy provisions, they’re much more narrow than people believe. HIPAA applies only to covered entities, like doctors and pharmacies, as well as their contracted third parties. But the pandemic revealed all kinds of misunderstandings about the law, including that individuals could opt-out of mask mandates because of it.
Read Story
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.