Hello all, and happy Thursday!
Before we dive into this week’s privacy news, we have an exciting announcement to share: We've refreshed the Osano brand!
If you haven’t recently, take a look at our new website (or this newsletter, for that matter). You’ll notice that in addition to refreshing the Osano brand, we’ve also updated our pricing and packaging. (If you’re an existing Osano customer, we've sent you an email going into more information about what to expect—but the short version is that your subscription and product access have not changed.)
Although our look and feel may have changed, here’s what hasn’t: We’re still the privacy, legal, and technical experts you can rely on to support your organization’s compliance, and we’re still thrilled to be enabling consumer trust in modern brands.
Given this announcement, I’ll keep this week’s newsletter introduction short, but I’d be remiss not to draw attention to the $1.3 billion fine that Meta recently received from EU authorities. It is easily the largest GDPR fine to date. For context, it’s also larger than all fines issued by European data protection authorities in 2022 combined—and 80% of all of 2022’s fines were levied against Meta! Clearly, EU authorities aren’t thrilled with Meta’s GDPR compliance track record.
Best,
Arlo
After Montana Governor Greg Gianforte signed a law banning app stores from offering TikTok, the social media company has filed a lawsuit to fight the state’s ban. The law would penalize TikTok with fines of up to $10,000 per day per violation if it continues to operate in the state, and would penalize Apple and Google as well if they allow Montana users to download the app.
In response to a series of GDPR infringements described as “systematic, repetitive and continuous,” EU authorities have fined Meta the equivalent of $1.3 billion. The violations primarily center around the transfer of EU users’ data to the U.S., where it is treated with a lesser degree of protection compared to the EU.
According to the FTC, Easy Healthcare’s Premom Ovulation Tracker app shared sensitive information with third parties without users’ permission and violated the Health Breach Notification Rule. The shared data included a range of sensitive health information used to predict ovulation cycles, including period logs, ovulation test strips, recorded body temperatures, and more.
Google was able to collect and profit from Washington state consumers’ location data, even though consumers disabled Google tracking technology on their smartphones and computers. In order to settle a suit from the state Attorney General, Google has been ordered to pay $39.9 million to the state.
In a unanimous vote, the FTC adopted a policy clarifying how and when the use of biometric data violates Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices in or affecting commerce.
GDPR’s extraterritoriality can be confusing for businesses. After all, why should you have to follow another country’s laws? This blog breaks down why and when U.S. businesses need to comply with the GDPR.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.