Ch-Ch-Ch-Changes
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: May 4, 2021
Welcome to Privacy Insider, a round-up of the week's most important stories.
When Virginia joined California as the second U.S. state to successfully enact privacy legislation, there was a sense that the dominoes were about to tumble. That is, states would quickly start to pass bills that looked more or less like the California Consumer Privacy Act until there were enough states passing laws it would push the federal government to act. Companies will only tolerate so much of a compliance burden, and hiring lawyers and consultants for guidance on different (even if similar) legislation across 50 states is expensive, time-consuming and a headache. Eventually, tech lobbyists would push Congress to give them one rule all across the board.But what will always get in the way, whether we're talking about federal or state privacy bills, is whether they include a private right of action (PRA). While California's law does provide a private right of action, meaning consumers can sue in case of a breach, Virginia's law does not provide such relief.
In Florida, the private right of action was the bill's kiss of death. The House failed to pass the bill into law because its Senate companion bill did not contain a private right of action, and some lawmakers worried about passing a bill without that provision. But for the business community, the bill's failure was seen as a win. Companies dare not expose themselves to the kind of risk a PRA presents. For example, in California, companies can face fines of up to $7500 per violation. If millions of records have been breached, that's an extraordinary cost.
Florida need not feel lonely in its failure here, though. Washington and Oklahoma also couldn't negotiate a deal before their legislative sessions ended. The question now is whether states watching these showdowns over PRAs are going to figure out a way to bridge the divide between industry lobbyists and those pushing for consumer rights. There may be tactics learned in the states' negotiations, these "laboratories of democracy," that could prove helpful when Congress gets closer to passing a federal privacy bill.
For now, though, I thank Florida for letting my Dad and me visit Minnie, and I hope it has better luck on privacy legislation next time.
Enjoy reading, and I'll see you next week!
Florida’s push to pass a privacy bill fails
Florida’s push to pass privacy legislation stalled last week when a bipartisan bill died in the House as the state’s 60-day legislative session came to a close. HB 969 would have given consumers the right to opt-out of the sale or sharing of their personal information. It also would have allowed consumers to file a lawsuit against companies who sold or shared their data after they’d opted out or if their data was breached.
Read Story
2. Lawmaker re-introduces federal privacy bill, hopes second time’s a charm
Sen. Jerry Moran, R-Kan., has reintroduced the Consumer Data Privacy and Security Act. The bill, which was first introduced in 2020 but failed to make it out of a Senate committee, would create rules for U.S. businesses that collect, process and use consumers’ personal data, the report states. The bill doesn’t yet have a companion in the House.
Read Story
3. Chinese regulator gives 33 mobile apps 10 days to comply or face fines
Reuters reports that China’s internet watchdog found 33 mobile phone apps broke data privacy rules by collecting data without consent. The Cyberspace Administration of China said the apps also collected more data than necessary and didn’t delete it, as required by law. Now, the companies have 10 days to come into compliance or face fines, the report states.
Read Story
4. What are my obligations under the California Privacy Rights Act?
While many companies are still working to meet their obligations under the California Consumer Privacy Act, the law that will replace it looms ahead. Effective January 1, 2023, the California Privacy Rights Act builds on the CCPA’s requirements by carving out obligations on sensitive data, requiring data protection impact assessments and allowing consumers to opt-out of having their data used for profiling. In this piece, we compare CCPA to CPRA in an easy-to-read chart.
Read Story
5. Irish privacy regulator’s proposed WhatsApp fine too small, counterparts say
Several EU data protection authorities are pushing back against Irish Data Protection Commissioner Helen Dixon’s draft decision on WhatsApp, a messaging service that Facebook owns. Dixon planned to fine WhatsApp up to 50 million euros for breaching the EU’s General Data Protection Regulation. But Dixon’s counterparts feel the fine is too small. Now, the commissioner’s office has triggered Article 65 of the GDPR, the “dispute resolution mechanism.”
Read Story
6. Number of users blocking ads on mobile devices ‘surging’
The number of online users blocking ads is surging. While ad blocking on personal computers has remained level, a recent study indicates the number of people blocking ads on mobile devices has doubled in the last five years. In PageFair’s Adblock report, 58% of U.S. respondents said they’d blocked ads for privacy reasons, CNET reports.
Read Story
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.