ADMT & Employment
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: March 9, 2023
Hello all!
It’s an especially notable week in privacy because the UK government has reintroduced their new version of the GDPR, the Data Protection and Digital Information Bill.
Businesses might feel frustrated at the proliferation of yet more data privacy regulations. However, they should take comfort in the fact that the bill is more like a UK version of the GDPR than a complete overhaul. In addition, according to its sponsors, the bill will “reduce costs and burdens for British businesses and charities, remove barriers to international trade and cut the number of repetitive data collection pop-ups online.”
The bill purports to reduce the burden of compliance on small businesses through a variety of reforms, such as only requiring organizations with high-risk processing activities to keep processing records.
All told, the bill represents a reaction to some of the GDPR’s more burdensome requirements. The biggest criticism of regulation as a whole is that it’s anti-competitive; only large enterprises have the resources to dedicate to compliance, while small businesses are subject to an undue burden. At the same time, consumer rights need to be respected, and there’s just no guarantee they will be without legal protection.
Legislators know this, and each of these new laws can be thought of as experiments to identify the right blend of restrictive and permissive provisions. Eventually, we’ll find the right mix. But until then, the business community will have to contend with a small galaxy of legislation.
The bill still has a long way to go—the UK legislative process involves several stages of readings, debates, and votes—and it may undergo significant changes as it proceeds through the legislature. We’ll be tracking its process and any developments in Privacy Insider.
Best,
Arlo
P.S. The Osano team will be attending the International Association of Privacy Professional’s (IAPP’S) Global Privacy Summit in Washington D.C. this April! If you’ll be attending as well, come by booth 318 to ask questions, talk about all things data privacy, or just say hi.
Texas state representative introduces comprehensive state privacy bill draft
Texas State Representative Giovanni Capriglione has introduced a new comprehensive privacy bill modeled after the Virginia Consumer Data Protection Act (VCDPA). If it passes, the bill would make Texas the sixth U.S. state to enact major privacy legislation, following California, Virginia, Colorado, Utah, and Connecticut.
New U.S. House data privacy bill could limit state insurance regulators' authority
The U.S. House Financial Services Committee is considering a bill that would update the data privacy provisions in the Gramm-Leach-Bliley Act of 1999. The bill, referred to as the Data Privacy Act of 2023, would expand privacy notice requirements, make it easier for consumers to opt out of data-sharing, and let federal data privacy standards preempt state privacy standards, among other provisions.
FTC to ban BetterHelp from sharing mental health data with advertisers
The FTC alleges that BetterHelp, a popular online mental health counseling service, shared email addresses, IP addresses, and information users filled in a preliminary health questionnaire during signup, with Facebook, Snapchat, Criteo, and Pinterest. These third parties then used consumers’ information for advertising and to identify consumers with similar profiles and promote BetterHelp’s counseling services. The FTC is proposing to ban BetterHelp from engaging in this data sharing practice and to pay $7.8 million to its users.
Irish Data Protection Commission publishes 2022 Annual Report
The Irish Data Protection Commission recently published its report on its activities over the course of 2022. Among other findings, the report highlighted the over €1 billion in fines, the closure of over 10,000 cases, and nearly 6,000 data breach notifications.
Privacy bill to move forward in Canadian House of Commons next week as TikTok concerns grow
Partially in response to scrutiny over TikTok’s data collection practices, Canadian representatives are advancing a previously unprioritized privacy bill for debate at a second reading once the House returns from a two-week break Monday. The bill would strengthen requirements around disclosure, data collection consent, and enforcement.
New UK privacy bill introduced
The UK has introduced a new data privacy protection bill to replace the GDPR known as the Data Protection and Digital Information Bill. After Brexit, the UK retained a number of EU laws, including the GDPR. The bill was first introduced last summer and paused in September 2022 to allow time for a co-design period with business leaders and data experts. Should the bill pass, the UK government estimates it will create £4.7 billion in savings for the UK economy over the next 10 years
WhatsApp agrees to be more transparent on policy changes, EU says
Following complaints from consumer bodies across Europe, WhatsApp has agreed to transparently explain changes to users’ contracts, to prominently display the option for users to accept or reject changes, and more.
Osano blog: Making the business case for your data privacy program
Most organizations underestimate the scope needed for a truly functional data privacy program, if they’re willing to dedicate resources to data privacy at all. This blog post provides actionable tips for privacy professionals interested in “selling” the idea of a data privacy program internally.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.