On October 3, the Federal Trade Commission (“FTC”) released a blog post titled Consumers Are Voicing Concerns About AI, which discusses consumer concerns that the FTC received via its Consumer Sentinel Network concerning artificial intelligence (“AI”) and priority areas the agency is watching. Although the FTC’s blog post acknowledged
Continue Reading FTC Publishes Blog Post Summarizing Consumer Concerns with AI Systems
U.S. Tech Legislative & Regulatory Update – Third Quarter 2023
This quarterly update summarizes key legislative and regulatory developments in the third quarter of 2023 related to key technologies and related topics, including Artificial Intelligence (“AI”), connected and automated vehicles (“CAVs”), and data privacy and cybersecurity.Continue Reading U.S. Tech Legislative & Regulatory Update – Third Quarter 2023
U.S. Tech Legislative & Regulatory Update – Second Quarter 2023
This quarterly update summarizes key legislative and regulatory developments in the second quarter of 2023 related to key technologies and related topics, including Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), data privacy and cybersecurity, and online teen safety.Continue Reading U.S. Tech Legislative & Regulatory Update – Second Quarter 2023
California Court Delays Enforcement of CPPA Regulations
On June 30, 2023, a Superior Court of California (County of Sacramento, case number 34-2023-80004106-CU-WM-GDS) held that enforcement of the California Privacy Protection Agency’s (“CPPA”) regulations cannot commence until one year after the finalized date of the regulations. However, the court declined to delay the CPPA’s ability to enforce violations
Continue Reading California Court Delays Enforcement of CPPA RegulationsDelaware General Assembly Passes Personal Data Privacy Act
On June 30, 2023, the Delaware general assembly passed the Delaware Personal Data Privacy Act (“DPDPA”), H.B. 154. This bill resembles the comprehensive privacy statutes in Connecticut, Montana, and the recently passed bill in Oregon, though there are some notable distinctions. If signed into law, Delaware will be
Continue Reading Delaware General Assembly Passes Personal Data Privacy ActOregon Legislature Passes Consumer Privacy Act
On June 22, 2023, the Oregon state legislature passed the Oregon Consumer Privacy Act, S.B. 619 (the “Act”). This bill resembles the comprehensive privacy statutes in Colorado, Montana, and Connecticut, though there are some notable distinctions. If passed, Oregon will be the twelfth state to implement a comprehensive privacy statute
Continue Reading Oregon Legislature Passes Consumer Privacy ActFTC Announces a Notice of Proposed Rulemaking to Expand Scope of the Health Breach Notification Rule
On May 18, 2023, the Federal Trade Commission (“FTC”) announced a notice of proposed rulemaking (the “proposed rule”) to “strengthen and modernize” the Health Breach Notification Rule (“HBNR”). The proposed rule builds on the FTC’s September 2021 “Statement of the Commission on Breaches by Health Apps and Other Connected Devices” (“Policy Statement”), which took a broad approach to when health apps and connected devices are covered by the HBNR and when there is a “breach” for purposes of the HBNR. The proposed rule primarily would (i) amend many definitions that are central to the scope of the HBNR (e.g., “breach of security,” “health care provider,” and “personal health record”), and (ii) authorize expanded means for providing notice to consumers of a breach and require additional notice content. According to the FTC, these changes to the HBNR would ensure the HBNR “remains relevant in the face of changing business practices and technological developments.” Below, we provide a brief summary of the history of the HBNR leading up to this proposed rule, a brief summary of the proposed rule, and a timeline for commenting.Continue Reading FTC Announces a Notice of Proposed Rulemaking to Expand Scope of the Health Breach Notification Rule
Texas Passes Data Privacy and Security Act
On May 28, 2023, the Texas legislature passed the Texas Data Privacy and Security Act, making it the sixth state to pass a comprehensive data privacy law this year. The Act shares many similarities with Virginia, although there are some distinctions. If signed into law, the Act would take
Continue Reading Texas Passes Data Privacy and Security ActHHS Issues Notice of Expiration of COVID-19 HIPAA Enforcement Discretion
On April 11, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that four Notifications of Enforcement Discretion (“Notifications”) that were issued under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) during the COVID-19 pandemic will expire on May 11, 2023. In response to the COVID-19 Public Health Emergency, OCR announced it would exercise enforcement discretion with respect to noncompliance with certain provisions of HIPAA. Now that the public health emergency is set to expire, OCR is rescinding the relevant Notifications. Below, we summarize the four Notifications that are set to expire:Continue Reading HHS Issues Notice of Expiration of COVID-19 HIPAA Enforcement Discretion
U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023
This quarterly update summarizes key legislative and regulatory developments in the first quarter of 2023 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.Continue Reading U.S. AI, IoT, CAV, and Privacy & Cybersecurity Legislative & Regulatory Update – First Quarter 2023