Hello all, and thanks for reading today.
I think it’s safe to say that work, business, and privacy management are not top-of-mind for most people this week–even privacy professionals. Elections are profound and emotional in the calmest of circumstances, and change is hard. Distraction is understandable. Whatever you are feeling about the outcome of Tuesday’s vote, I hope you are well and taking the time you need to process.
Fortunately, if there’s one thing both parties can agree upon, it’s that data privacy is worth protecting. Though we have yet to pass a federal privacy law, efforts to do so have been bipartisan. Everyone has a vested interest in safeguarding consumer data. And that’s not expected to change with a new administration. Recently on The Privacy Insider Podcast, I talked with Peter Swire–law professor, privacy expert, and the nation’s first Chief Privacy Counsel–about this very topic. I encourage you to check it out if you haven’t listened yet.
Whatever happens in Washington, there’s been plenty of privacy activity at the state level this week, from the long-awaited draft of a comprehensive AI regulation bill in Texas (as an Austinite AND an AI junkie I’m digging into that) to a new complaint alleging that Florida’s Online Child Safety Law violates the First Amendment and usurps parental authority (as a parent, I’m watching that, too).
And globally, privacy regulation never sleeps. The European Data Protection Board (EDPB) adopted its first report under the EU-US Data Privacy Framework, and Meta got slammed again, this time with a $15 million fine over data privacy violations in South Korea.
There’s plenty to catch up on, here and around the world. Or maybe you need a break. All good. Take care this week and remember to do the right thing.
Best,
Arlo
How can privacy prove its value to the business and be seen as more than "just" a cost center? Find out how to demonstrate ROI and gain allies in this webinar.
November 7 | Save your seat
What is the potential election impact on privacy and the general political landscape around what’s universally considered to be an important issue and fundamental right? Georgia Tech Law Professor and Future of Privacy Forum Fellow Peter Swire joins us to talk about privacy and politics.
Privacy, sales, and marketing are natural allies—not opponents. They have more to gain by working together than they do by working against one another. We’ll explain why and how in this webinar.
November 14th | Save your seat
On January five state privacy laws are going into effect: Four of them on January 1. 2025 is going to be a busy year for privacy compliance. Are you ready? Get ready at this preview webinar, where Osano and our guests from Husch Blackwell will tell you everything you need to know.
December 5th | Save your seat
This week, we’re seeing more global enforcement of consent as South Korea’s privacy watchdog hits Meta with a hefty fine of 21 billion won (that’s roughly $15 million in USD). Meta incurred the fine after an investigation found the company had been illegally collecting sensitive information from Facebook users, including their political views, religion, and even their sexual orientation. One might get the impression that it’s hard to protect sensitive data and do the right thing. (Spoiler alert: It’s not.)
On Monday, the Texas legislature got a first look at a proposed AI bill for the state, and it’s a big one. The draft’s author, Rep. Giovanni Capriglione (R) described the draft, dubbed the Texas Responsible AI Governance Act, as taking a risk-based approach to AI regulation, seeking to guard against algorithmic discrimination by automated decision-making systems. The bill exempts AI models that are used for research or testing as part of a “sandbox program,” and it does not cover low-risk AI systems.
The European Data Protection Board (EDPB) has adopted its first report on the EU-U.S. Data Privacy Framework, noting the efforts by U.S. authorities and the European Commission to implement the framework and highlighting the need for further guidance and monitoring. Among other things, the report underscores the importance of ensuring robust safeguards and practical measures for data transfers, which are crucial for maintaining compliance and protecting individuals’ privacy rights.
The CCIA and NetChoice have co-filed a complaint alleging that Florida HB3, the online child safety bill signed into law by Governor Ron Desantis in March, violates the First Amendment and oversteps parental control over children’s actions. The complaint centers on a section of the law that bans users under 14 years of age from accessing social media and requires the use of age verification for explicit sites. The law is set to go into effect on January 1, 2025.
A tip for any data brokers out there: If you aren’t yet registered in California, you better get registered. The Enforcement division of the California Privacy Protection Agency (CPPA) announced late last week that it is conducting a public investigative sweep of data broker registration compliance under the Delete Act. CPPA enforcement head Michael Macko says Division will seek to recover statutory fines ($200/day) from brokers that failed to register "because it's unfair to the data brokers who have complied with their obligations." The Delete Act also requires data brokers to pay an annual fee which funds the registry and the development of a first-of-its-kind deletion mechanism.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!