Uncategorized

On Thursday, March 7, 2024, the U.S. Senate confirmed two nominees for the open seats on the Federal Trade Commission:  Andrew N. Ferguson, former solicitor general of the Commonwealth of Virginia; and Melissa Holyoak, former solicitor general with the Utah Attorney General’s Office.  With this confirmation of two new Republican Commissioners, the FTC is one step closer to a full slate of five bipartisan Commissioners.  The Senate also re-confirmed Commissioner Rebecca Kelly Slaughter for a second term.  President Biden had nominated Ferguson and Holyoak on July 11, 2023, and renominated Slaughter on February 13, 2023. Continue Reading FTC Returns to Bipartisan Commission with Confirmation of Two New Republican Commissioners

The FTC recently announced proposed consent orders with Outlogic (formerly X-Mode Social) and InMarket Media concerning their collection and monetization of precise geolocation data.  Both companies collect location data using software development kits (“SDKs”) installed in first and third party apps, among other data sources.  According to the FTC’s complaints, Outlogic sold this data to third parties (including in a manner that revealed consumer’s visits to sensitive locations) without obtaining adequate consent, and InMarket used this data to facilitate targeted advertising without notifying consumers that their location data will be used for targeted advertising.  In both cases, the FTC alleged that these acts and practices constituted unfair and/or deceptive acts or practices under Section 5 of the FTC Act. Continue Reading FTC Announces Proposed Consent Orders Related to Location Data

On January 29, 2024, the Department of Commerce (“Department”) published a proposed rule (“Proposed Rule”) to require providers and foreign resellers of U.S. Infrastructure-as-a-Service (“IaaS”) products to (i) verify the identity of their foreign customers and (ii) notify the Department when a foreign person transacts with that provider or reseller to train a large artificial intelligence (“AI”) model with potential capabilities that could be used in malicious cyber-enabled activity. The proposed rule also contemplates that the Department may impose special measures to be undertaken by U.S. IaaS providers to deter foreign malicious cyber actors’ use of U.S. IaaS products.  The accompanying request for comments has a deadline of April 29, 2024.Continue Reading Department of Commerce Issues Proposed Rule to Regulate Infrastructure-as-a-Service Providers and Resellers

A new post on the Covington Inside Global Tech blog highlights key legislative, regulatory, and litigation developments in the fourth quarter of 2023 and early January 2024 related to technology issues.  These included developments related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), data privacy, and cybersecurity. As noted by the post, some of

On December 14, 2023, the U.S. Senate passed the Revising Existing Procedures on Reporting via Technology (“REPORT”) Act (S. 474), which, among other provisions, would impose new obligations on providers to report additional categories of online child sexual abuse material (“CSAM”) under 18 U.S.C. § 2258A. Continue Reading U.S. Senate Passes REPORT Act to Expand Scope of CSAM Reporting Obligations

On Friday, the FTC announced that was entering a consent decree with 1Health.io Inc., which also does business as Vitagene, Inc.  This is the fourth health-related FTC enforcement action announced this year (see here and here). 

In addition, it comes on the heels of Virginia, Montana, and, as recently as last week, Texas joining California, Utah, and Arizona in adopting legislation specifically regulating the privacy practices of direct-to-consumer genetic testing companies.  The recently adopted Montana law has a broader scope and narrower exceptions that raise questions about whether it will impede research, whereas the Texas law adopted last week is more similar to the other state models. Continue Reading FTC Enters Consent Decree with Direct-to-Consumer Genetic Testing Company On Heels of Other Significant Health and Genetic Privacy Developments

On April 25, 2023, four federal agencies — the Department of Justice (“DOJ”), Federal Trade Commission (“FTC”), Consumer Financial Protection Bureau (“CFPB”), and Equal Employment Opportunity Commission (“EEOC”) — released a joint statement on the agencies’ efforts to address discrimination and bias in automated systems. Continue Reading DOJ, FTC, CFPB, and EEOC Statement on Discrimination and AI

Washington’s My Health My Data Act (“HB 1155” or the “Act”), which would expand privacy protections for the health data of Washington consumers, recently passed the state Senate after advancing through the state House of Representatives.  Provided that the House approves the Senate’s amendments, the Act could head to the governor’s desk for signature in the coming days and become law.  The Act was introduced in response to the United States Supreme Court’s Dobbs decision overturning Roe v. Wade.   If enacted, the Act could dramatically affect how companies treat the health data of Washington residents. 

This blog post summarizes a few key takeaways in the statute.Continue Reading Washington’s My Health My Data Act Passes State Senate

Recently, the Colorado Attorney General’s office posted a revised draft of the regulations implementing the Colorado Privacy Act. The revisions made a number of changes, and we highlight a few key ones below.

  • Specifying that the dark patterns provisions apply in certain circumstances only. The rules clarify that the rules governing dark patterns apply only

On Episode 20 of Covington’s Inside Privacy Audiocast, Dan Cooper, Co-Chair of Covington’s Data Privacy and Cyber Security practice, and Christian Ahlborn, Partner in Covington’s Competition practice, discuss the recently enacted EU Digital Markets Act (DMA) in the first part of our “Competition and Privacy” mini series.

For more information on the DMA