Welcome to June's GrailMail! We’re back with essential updates, in depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.
View in browser
DataGrail-Logo-HorizontalLockup-969690
GrailMail_Hero_Update_240531
 

Happy June, folks. ā˜€ļø

 

The world of data privacy is advancing at breakneck speed, bringing both challenges and opportunities. From navigating new state privacy laws to managing a surge in data subject requests, staying ahead requires the right insights and tools. That’s why this month’s newsletter is packed with resources to help you keep your strategies one step ahead.

 

Let’s dive in.šŸ‘‡

 

Consumers are increasingly aware of online privacy risks like data breaches, selling of their personal data, online tracking, identity theft, and the irresponsible use of AI. Stricter data privacy laws reflect the growing importance of addressing these concerns. DataGrail's brand new 2025 Data Privacy Trends Report reveals how these shifts impact businesses and offers benchmarks to track progress.

June GrailMail_Trends

In this report, you'll get insights into:

  • How many data subject requests (DSRs) businesses are getting (spoiler: it’s a lot more than last year),
  • Which types of DSRs are most common
  • The high costs of handling with privacy requests
Get the report

GrailMail Headers

Here’s the data privacy news you need to know from June. šŸ‘‡

 

šŸ¤– Meta plans to automate 90% of its internal risk and data protection checks using AI

  • The system will assess risks based on questionnaires filled out by product teams, replacing most manual reviews. Meta says human oversight will still be used in complex cases, and only "low risks" will be automated. The company also states that products in the EU will continue to follow a separate review process. Read more here.

 

šŸ’° Data privacy, compliance spend rises alongside AI efforts

  • More than half of global businesses increased data privacy and protection compliance budgets, with the average organization growing this spending category by 46%. Among U.S. organizations, spend increased 71% year over year. Read more here.

 

🧬 US states sue 23andMe to protect customers’ private data

  • Twenty seven states, including Pennsylvania, Michigan and Florida, and the District of Columbia filed the lawsuit this month in 23andMe’s US bankruptcy proceedings in Missouri, seeking a declaration that it cannot sell customers’ genetic data without their consent.  Read more here.

 

šŸ›”ļø California, Colorado, Vermont & Others Oppose 10-Year Ban on AI Enforcement

  • State privacy regulators from California, Colorado, Vermont, and other leading states are urging the Senate to reject a proposed federal moratorium that would block state enforcement of AI and automated decision-making laws for a decade. In a joint letter, they argue the ban would undo hard-won consumer protections. Read more here.

Watch our most recent webinar for a breakdown of upcoming U.S. privacy regulations in Minnesota and Tennessee and their implications.

    May

    GrailMail Headers (2)

    DataGrail Data Privacy Platform Updates

     

    The last month brought new Processing Activities capabilities in Live Data Map, new DataGrail API v2 for deeper DSR automation, mobile-friendly data subject verification, and more.

     

    šŸ” What’s New?

    • With the introduction of Processing Activities in Live Data Map, DataGrail empowers privacy teams to manage data processing records more efficiently and at scale
    • DataGrail has introduced DataGrail API v2, offering expanded capabilities for managing Data Subject Requests (DSRs) at scale. This update provides more granular access to DSR data, enabling teams to integrate seamlessly with internal systems and automate workflows more effectively.
    • Our industry-leading integration network continues to grow. We’ve added new integrations, including Stripe and Braintree, to help you securely discover and classify sensitive data and automatically access and delete personal data across your business. 

    Check out our monthly product release blog here.

     

    GrailMail Headers (3)

    2025 Data Privacy Trends Report

    • Consumers are increasingly acting on data privacy rights, with a 43% rise in DSRs, driven by stricter laws and heightened privacy awareness.
    • Deletions are up as access requests decline, driven by easier processes, breach concerns, and mass deletion services.
    • DSR management costs rose 43% YoY in 2024, driven by a surge in deletion requests, which now make up 82% of all DSRs.

    How to Navigate New State-Level Consumer Privacy Laws

    In this webinar recording, you’ll gain:

    • A breakdown of upcoming U.S. privacy regulations in Minnesota and Tennessee and their implications.
    • Key compliance themes across the states, like mandated data inventories, profiling transparency, and extended cure periods. Actionable guidance on U.S. readiness for the EU AI Act and what to expect next. 

    What You Need To Know About Minnesota’s New Privacy Law

    • Minnesota’s new privacy law, taking effect July 31, 2025, offers familiar consumer rights — access, correction, deletion, porting, and opt-out of profiling and targeted advertising — while introducing stricter operational mandates: a Chief Privacy Officer (or designated privacy lead), documented privacy policies, and a mandatory data inventory.
    • It’s also the first state to give individuals the right to challenge profiling decisions, adding a new layer of transparency and control over automated decisions with significant impact.

    What You Need To Know About Tennessee’s New Privacy Law

    • Tennessee’s Information Protection Act (TIPA) takes effect July 1, 2025 and provides rights such as access, deletion, and the ability to opt out of certain data processing activities. 
    • One of TIPA’s most distinctive features is its adoption of the National Institute of Standards and Technology (NIST) Privacy Framework. Tennessee is the first state to formally recognize this voluntary framework as a compliance tool.

    ✨ Exciting news! We’ve extended the deadline for Data Privacy Hero Award submissions to July 3. Don’t miss the chance to recognize the privacy, legal, IT, and security professionals powering our collective future.

    Are you passionate about privacy, legal, or security issues? Want to connect with like-minded professionals and stay ahead in a rapidly evolving landscape?

     

    Become a member of our Privacy Community!

    Privacy_Community

    We’ve got everything from privacy law updates to career tips, monthly privacy huddles, and exclusive resources tailored for the privacy community. Don’t miss out on the chance to be part of a vibrant network committed to advancing data privacy.

    See you next time! šŸ‘‹

    Colleen

    This was sent to your email. If you do not wish to receive news and product updates in this format, please manage your preferences below.

    Ā© 2024 DataGrail, Inc. and/or its affiliates. All rights reserved.
    Various trademarks held by their respective owners.

    DataGrail, 225 Bush Street, Suite 360, San Francisco, CA 94104

    Unsubscribe Manage preferences

    DataGrail-Emblem-969690
    LinkedIn
    X
    YouTube