On July 9, 2024, the FTC and California Attorney General settled a case against NGL Labs (“NGL”) and two of its co-founders. NGL Labs’ app, “NGL: ask me anything,” allows users to receive anonymous messages from their friends and social media followers. The complaint alleged violations of the FTC Act, the Restore Online Shoppers’ Confidence Act (ROSCA), the Children’s Online Privacy Protection Act (COPPA), and California laws prohibiting deceptive advertising and prohibiting unfair and deceptive business practices.
Continue Reading FTC Reaches Settlement with NGL Labs Over Children’s Privacy & AI
Louisiana Bans Targeted Advertising to Minors on Social Media Platforms
On June 18, 2024, Louisiana enacted HB 577, prohibiting “social media platforms” with more than 1 million users globally from displaying targeted advertising to Louisiana users that the platform has actual knowledge are under 18 years of age and from selling the sensitive personal data of such users. The law amends the effective date of the state social media law, the Louisiana Secure Online Child Interaction and Age Limitation Act (“the SOCIAL Act”), to July 1, 2025. HB 577 also will take effect on July 1, 2025. This post summarizes the law’s key provisions.
Continue Reading Louisiana Bans Targeted Advertising to Minors on Social Media PlatformsCalifornia Legislature Advances Several AI-Related Bills
With three months left until the end of this year’s legislative session, the California Legislature has been considering a flurry of bills regarding artificial intelligence (AI). Notable bills, described further below, impose requirements on developers and deployers of generative AI systems. The bills contain varying definitions of AI and generative AI systems. Each of these bills has been passed by one legislative chamber, but remains under consideration in the other chamber.
Continue Reading California Legislature Advances Several AI-Related BillsColorado Privacy Act Amended To Include Biometric Data Provisions
On May 31, 2024, Colorado Governor Jared Polis signed HB 1130 into law. This legislation amends the Colorado Privacy Act to add specific requirements for the processing of an individual’s biometric data. This law does not have a private right of action.
Continue Reading Colorado Privacy Act Amended To Include Biometric Data ProvisionsMaryland Enacts Age-Appropriate Design Code
On May 9, 2024, Maryland Governor Wes Moore signed the Maryland Age-Appropriate Design Code Act (“AADC”) into law. The AADC will go into force on October 1, 2024. This post summarizes the law’s key provisions.
Continue Reading Maryland Enacts Age-Appropriate Design CodeWhat the Diversity in Faces Litigation Means for Biometric Technologies
In 2020, Illinois residents whose photos were included in the Diversity in Faces dataset brought a series of lawsuits against multiple technology companies, including IBM, Facefirst, Microsoft, Amazon, and Google alleging violations of Illinois’ Biometric Information Privacy Act.[1] In the years since, the cases against IBM and FaceFirst were dismissed at the agreement of both parties, while the cases against Microsoft, Amazon, and most recently, Google were dismissed at summary judgment.
Continue Reading What the Diversity in Faces Litigation Means for Biometric TechnologiesThe Maryland Online Data Privacy Act Set to Reshape the State Privacy Legislation Landscape with Stringent Requirements
Last month, the Maryland legislature passed the Maryland Online Data Privacy Act (“MODPA”). Pending Governor’s signature, Maryland will become the latest state to enact comprehensive privacy legislation, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Texas, Florida, Delaware, New Jersey, New Hampshire, Kentucky, and Nebraska.
MODPA contains unique provisions that will require careful analysis to ensure compliance, including: data minimization requirements; restrictions on the collection, sale, or transfer of sensitive data; and consumer health data-related obligations. These unique provisions have the potential to create additional work streams even for companies who have come into compliance for existing state laws. This blog post summarizes the statute’s key takeaways.
Continue Reading The Maryland Online Data Privacy Act Set to Reshape the State Privacy Legislation Landscape with Stringent RequirementsNebraska Enacts Nebraska Data Privacy Act
On April 17, the Nebraska governor signed the Nebraska Data Privacy Act (the “NDPA”) into law. Nebraska is the latest state to enact comprehensive privacy legislation, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Texas, Florida, Delaware, New Jersey, New Hampshire, Kentucky, and Maryland. The NDPA will take effect on January 1, 2025. This blog post summarizes the statute’s key takeaways.
Continue Reading Nebraska Enacts Nebraska Data Privacy ActKentucky Passes Comprehensive Privacy Bill
Earlier this month, the Kentucky legislature passed comprehensive privacy legislation, H.B. 15 (the “Act”), joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Texas, Florida, Delaware, New Jersey, and New Hampshire. The Act is awaiting the Governor’s signature. If signed into law, the Act would take effect on January 1, 2026. This blog post summarizes the statute’s key takeaways.
Continue Reading Kentucky Passes Comprehensive Privacy BillFlorida Enacts Social Media Bill Restricting Access for Teens Under the Age of Sixteen
On Monday, March 25, Florida Governor Ron DeSantis signed SB 3 into law. At a high level, the bill requires social media platforms to terminate the accounts of individuals under the age of 14, while seeking parental consent for accounts of those 14 or 15 years of age. The law will become effective January 1, 2025.
Continue Reading Florida Enacts Social Media Bill Restricting Access for Teens Under the Age of Sixteen