On May 28, 2023, the Texas legislature passed the Texas Data Privacy and Security Act, making it the sixth state to pass a comprehensive data privacy law this year. The Act shares many similarities with Virginia, although there are some distinctions. If signed into law, the Act would take effect on July 1, 2024.
White House Issues Request for Comment on Use of Automated Tools with the Workforce
On May 1, 2023, the White House Office of Science and Technology Policy (“OSTP”) announced that it will release a Request for Information (“RFI”) to learn more about automated tools used by employers to “surveil, monitor, evaluate, and manage workers.” The White House will use the insights gained from the RFI to create policy and best practices surrounding the use of AI in the workplace.
Continue Reading White House Issues Request for Comment on Use of Automated Tools with the Workforce
DOJ, FTC, CFPB, and EEOC Statement on Discrimination and AI
On April 25, 2023, four federal agencies — the Department of Justice (“DOJ”), Federal Trade Commission (“FTC”), Consumer Financial Protection Bureau (“CFPB”), and Equal Employment Opportunity Commission (“EEOC”) — released a joint statement on the agencies’ efforts to address discrimination and bias in automated systems.
Continue Reading DOJ, FTC, CFPB, and EEOC Statement on Discrimination and AI
Indiana Passes Comprehensive Privacy Statute
On April 11, the Indiana legislature passed comprehensive state privacy legislation in the form of S.B. 5. S.B. 5 shares similarities with the state privacy laws in Virginia, Connecticut, Colorado, Utah, and most recently Iowa. If signed into law, S.B. 5 would take effect on January 1, 2026. This blog post summarizes the statute’s key takeaways.
Continue Reading Indiana Passes Comprehensive Privacy Statute
U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023
This quarterly update summarizes key legislative and regulatory developments in the first quarter of 2023 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.
Iowa Enacts Comprehensive Consumer Privacy Law
On March 28, Governor Kim Reynolds signed into law SF 262, making Iowa the sixth state to enact a comprehensive consumer privacy law. The new law will take effect on January 1, 2025.
As we discuss here, Iowa’s privacy law shares a number of key similarities to existing state privacy frameworks, including providing
Colorado AG Files Final Rules Implementing CPA
On March 15, 2023, the Colorado Attorney General filed final rules implementing the Colorado Privacy Act (“CPA”) with the Secretary of State. The Attorney General first released proposed draft rules on October 10, 2022 and subsequently released revised draft rules on December 21, 2022 and January 27, 2023 after public comment. The final rules will
Iowa Passes Comprehensive Privacy Statute
On March 15th, the Iowa legislature passed S.F. 262 (the “ICDPA”), making it the sixth U.S. state to pass a comprehensive state privacy statute. The Iowa statute most closely resembles the Utah Consumer Privacy Act (“UCPA”), though it also shares some similarities with the approaches adopted in Virginia, Colorado, and Connecticut. The statute will next go to the governor’s desk for signature. If signed into law, the ICDPA would take effect on January 1, 2025.
McHenry Introduces Data Privacy Act of 2023
On February 24, Congressman Patrick McHenry (NC-10) formally introduced his bill to modernize the Gramm-Leach-Bliley Act (“GLBA”) in the House as H.R. 1165. The bill was first released as a discussion draft in June 2022, although the latest version reflects a number of updates as compared to the initial discussion draft. The bill has
The Colorado AG Posts Revised Draft Regulations
Recently, the Colorado Attorney General’s office posted a revised draft of the regulations implementing the Colorado Privacy Act. The revisions made a number of changes, and we highlight a few key ones below.
- Specifying that the dark patterns provisions apply in certain circumstances only. The rules clarify that the rules governing dark patterns apply only