ADMT & Employment
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: October 13, 2022
Hello and happy Thursday, everyone! There has been some exciting news in the privacy space this past week — namely, President Biden’s executive order describing the implementation of a Data Privacy Framework to support compliant EU-US data transfers.
Those of you who have been in privacy for a while will know that EU-US data transfers have been a bit of a bugbear.
First, businesses relied on a framework known as the Safe Harbor Privacy Principles to ensure compliant data transfers. This framework was invalidated in 2015 in a court case known as Schrems I, named after lawyer and privacy advocate Max Schrems. Schrems alleged that “the law and practice of the United States do not offer sufficient protection against surveillance by the public authorities,” essentially arguing that US intelligence agencies could collect EU citizens’ data as they wished under the Safe Harbor provisions.
Next, there was the Privacy Shield, which replaced the Safe Harbor provisions. The Privacy Shield lasted until 2020, when it was invalidated by the European Court of Justice in the Schrems II court case, again over insufficient protections against government surveillance of EU citizens’ data.
Now, the Biden Administration has announced an executive order detailing how it will implement the Data Privacy Framework. This framework was agreed to by both President Biden and European Commission President von der Leyen in March 2022. The Data Privacy Framework features explicit safeguards and reviews for US intelligence activities as well as a means for EU citizens to seek redress for privacy violations, which is a good step in the right direction. Even so, one has to wonder whether the framework will stick, given the history of international data transfer frameworks between the EU and the US.
The business community is hoping that there won’t be a Schrems III on the horizon—but that may very well be the case. Max Schrems’s organization, None of Your Business (stylized as noyb), has issued a preliminary statement arguing that the framework is unlikely to satisfy EU law. As of this writing, the organization is working on a more in-depth analysis that may signal its intentions more clearly, but the decision to uphold the Data Privacy Framework ultimately rests with the Court of European Justice. Time will tell.
Best,
Arlo
President Biden signs executive order to implement the European Union-U.S. Data Privacy Framework
President Biden recently signed an executive order designed to protect data transfers between the EU and US and replace the previously invalidated Privacy Shield. Unlike previous international data transfer frameworks, the Data Privacy Framework takes steps to address the EU’s concerns over US intelligence agencies’ access to EU citizens’ data.
Read more
noyb: New US executive order unlikely to satisfy EU law
Responding to President Biden’s recent executive order establishing a new data privacy framework for international data transfers, Max Schrems’s privacy advocacy group noyb (or None of Your Business) published an article describing their initial reactions. noyb, which was responsible for the court case that invalidated the Privacy Shield, indicated that they did not believe the order would meet the standards of EU law and that they would release a deeper analysis in the future.
Read more
Dutch employee fired by U.S. firm for shutting off webcam awarded €75,000 in court
A Dutch employee of a Florida-based software company was awarded €75,000 by a Dutch court for wrongful termination after being fired for refusing to take part in an invasive training program at work. The employee was instructed to leave his web camera on and to share his screen for the entire workday.
Read more
A first look at the Colorado Privacy Act Proposed Rules
The Colorado Attorney General’s Office recently issued its proposed rules for the Colorado Privacy Act, which will go into effect on July 1, 2023. JD Supra analyzes the proposed rules, including rules on consent requirements, data governance, subject rights requests, and more.
Read more
Retailer Easylife fined £1.5m for data protection breaches
The UK’s Information Commissioner’s Office (ICO) has levied a £1.5m fine against Easylife, a catalog retailer. The ICO claimed Easylife was using customers’ purchasing decisions to build up profiles for advertising purposes without first gathering consent from those customers.
Read more
Which Company Has the Worst Online Privacy Policy?
A recent report analyzed various businesses’ online privacy policies, taking into account lexical difficulty, length, and privacy concerns. Among other findings, the report indicated that some businesses’ privacy policies received readability scores of less than 3 out of 100, took hours to read, and described privacy practices that average consumers would likely be surprised by.
Read more
Osano blog: An analysis of the Sephora enforcement action
Sephora was recently hit with a $1.2 million fine from the California Attorney General’s Office, making it the first enforcement action of the CCPA. The Attorney General’s Office announcement made it clear that this wasn’t the only investigation into CCPA violations that it was conducting, and that businesses can expect further investigations once the CPRA goes into effect on January 1, 2023. We analyze Sephora’s violations, the enforcement action, and major takeaways in our blog.
Read more
Watch: Meet our leadership team
Curious about the people behind Osano? Our new video series features interviews with Osano’s leadership to talk about what makes us different and what we expect to see in the compliance and privacy space in the future. This installment features an interview with Scott Hertel, Osano’s CTO.
Watch now
Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.