My Corona

by | Mar 25, 2020 | Uncategorized | 1 comment

I’m not the first person to point out that the current flood of Covid-19 emails are reminiscent of the Great GDPR Consent Panic of 2018. Organisations you have no memory of ever interacting with are suddenly there as well as many household names, reassuring you of their ability to keep going despite the crisis. Some of them make sense – I got one from the Post Office yesterday telling me that they’re still open, which might be useful information to some. But a lot of them use almost an identical template to say very little – everyone’s home working, they really hope I’m OK, and they look forward to seeing me again after the Apocalypse. I would like to know what difference the companies think they’re going to make, but I’m not going to name and shame the worst ones or even unsubscribe from most of them – these are panicky and uncertain times, and a bit of corporate spam isn’t the worst thing that’s happening.

One email, however, stood out. I haven’t seen anything like it, and I hope no other company is as crass as Osano, the Texas-based ‘data privacy’ outfit headed by one Arlo Gilbert, who took the trouble to email me this morning to say how amazing they are, and how untouched by the global crisis they have been.

The story of how Osano came by my email address is instructive. Last year, Gilbert was putting himself about on Twitter, trumpeting his company which had been in the Data Privacy business since the grand old year of 2018. The Osano website is the Platonic ideal of the 2018 Era Privacy Company – very well designed, cool and slick, and bristling with enthusiasm for a subject that the company’s owners had literally only just found. Some DP and Privacy practitioners are as much activist as they are practitioner (which is why they hate me), but few would have the gall to present their company as a female superhero, saving the world one file at a time. Needless to say, when you look at Osano’s team, they’re all men.

The messages on the site also provides all of the classic GDPR bullshit flavours: teeth-grindingly pious: “When Osano helps companies to comply with the law, the interest of humanity is served, and the internet becomes a better place“, evidence-free scare-mongering “In recent months, numerous groups have undertaken “DDOS Compliance Attacks” whereby they band together and submit thousands of fraudulent DSAR/SRRs in an attempt to harm businesses”, and as is traditional, BIG CLAIMS ABOUT THE BUSINESS. Osano claims to have built “the world’s first data set that objectively measures the data privacy practices for every company on the planet“, and have carried out risk assessments on the compliance capabilities of 10,000 vendors. Disappointingly, despite the alleged ongoing nature of these risk assessments, that number is the same as it was last October.

Wary of some of Osano’s claims last year, I decided to do a bit of digging. I used the contact form on their website to ask whether they had carried out a risk assessment of my company. Although it seemed unlikely, given that Osano has this dataset that can measure any company on the planet, and there were / are 10,000 vendors on their list, it was surely possible? The contact form had an opt-in box to receive information from Osano, and I made sure not to tick it.

You’ll never guess what happened then. I received no acknowledgement or reply from Osano about my enquiry. Nothing. However, I started to receive marketing emails from Osano, always in the name of Arlo, telling me of how their team were “aggressively building new capabilities” and offering “Searchable blockchain-based audit log of consents to comply with information requests and government inquiries“, as if my bullshit bingo card could not be more complete. I can’t pretend that my request would have constituted a subject access request, focussed as it was on my company, but a sensible organisation might at least have sought to check. Moreover, having explicitly gone for a consent option for their marketing, every email that Osano has sent me since is in breach of the very GDPR that they claim to uphold.

Which brings me to Arlo’s recent missive. He begins by recounting how some people were wiped out by the 1990s Dotcom bubble. Then, it was the 2009 crash that wounded many. Now the Covid-19 pandemic means that “businesses around the world are closing their doors“. But what does that mean for data privacy now, friends, what does that mean?


As recently as a few days ago, attorneys were filing class-action lawsuits against companies for violations of California Consumer Privacy Act (CCPA). Today the California Attorney General announced that they would not be delaying prosecution for breaches of CCPA. Data privacy remains a mission-critical component of any modern business, even during a global pandemic.

I’m writing this blog just before doing a webinar on the outbreak, and I can confirm that I am not going to be telling the beautiful people who attend that they can throw DP into the garbage and do what they like (UPDATE: I broke a piece of equipment just before starting and spent the rest of the session spiralling in panic, which bodes Very Well for my online future). Privacy and data protection are central to a just and fair society, and if we throw them out of the window in a crisis, we might not get them back. However, waving the shroud of litigation while people are dying is as low a pitch for your glossy software as it’s possible to get. It’s ugly and everyone in the privacy and data protection sectors should turn their backs on this kind of marketing.

Arlo continues.

“I debated the need to draft a COVID-19 response for our customers in the face of my own inbox overflowing with explanations of how companies are managing during this difficult time.”

Translation: Arlo wondered if this was a bandwagon I needed to jump on.

“However, thousands of companies rely on Osano, and it has become clear that we need to address any concerns that may exist.”

Translation: Arlo decided that the answer was yes.

So what message does this titan of the tech business want to send to his customers? What reassurance, what inspiring words for the future does Arlo have for us all? After gloating that Osano is better at home-working that everyone else, Gilbert has decided that what the pandemic needs to know is how much money his company has.

Osano is well funded with many years of runway and positive gross margins. While other companies may be giving away Ducati motorcycles at conventions and buying Superbowl ads, Osano has always made capital-efficient growth s [sic] core of how we operate.

All of this is a long-winded way of saying that Osano is in great shape. This virus and the downturn in the economy have not changed our daily work habits in any way. Rest assured that there are few companies better equipped to respond to this new work-from-home lifestyle than Osano.”

Nothing about the customers and how they’re doing. Nothing about the effect on this crisis on the person reading the email, beyond a desultory “Stay safe out there” at the very end. The only message Arlo Gilbert wants to give the disease-stricken world is how brilliantly he and his company are handling it. There’s a small part of me that wonders to what extent this is protesting too much, that Arlo wants to tell people how great everything is because he himself needs to hear it. But probably not. The one group of people who are destined to come out of this well are the people at the top. The rest of us will just have to pick up the pieces.

If you want to talk to your customers at the moment, think very carefully about what you want to say. Don’t send unsolicited spam in breach of laws you claim to cherish. I have an email for my mailing list which I wrote days ago but find extremely difficult to send because getting the tone right seems so difficult in the current climate. I’m not ashamed to say that my business has been wiped out. I have no work, and apart from online courses, no prospect of work for months. I’ve made a couple of prudent financial decisions that mean I don’t have to worry for now, but reading Gilbert’s tech-bro muscle flexing must be sickening for people who have lost their jobs, their colleagues or their loved ones. A lot of people on LinkedIn are desperate to emphasise the positives, raising the possibility of founding a new Uber or writing the 21st Century King Lear, but in reality, surviving without losing your mind seems a triumph to me. Deciding that what you need to do now is boast about your positive gross margins is the act of an Osanohole.