On October 3, the Federal Trade Commission (“FTC”) released a blog post titled Consumers Are Voicing Concerns About AI, which discusses consumer concerns that the FTC received via its Consumer Sentinel Network concerning artificial intelligence (“AI”) and priority areas the agency is watching. Although the FTC’s blog post acknowledged
Continue Reading FTC Publishes Blog Post Summarizing Consumer Concerns with AI Systems
CPPA Releases Draft Rules on Cybersecurity Audits and Risk Assessments
Ahead of its September 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft regulations on cybersecurity audits and risk assessments. Public comments will be requested once the formal rulemaking process is kicked off. Accordingly, the draft regulations are subject to change. Below are the key takeaways:
Continue Reading CPPA Releases Draft Rules on Cybersecurity Audits and Risk AssessmentsRecent Decision Dismissing VPPA Class Action Claim Shows Limits of VPPA’s Reach
In the past year, plaintiffs have filed a wave of lawsuits asserting claims under the Video Privacy Protection Act (“VPPA”) in connection with the alleged use of third-party pixels on websites that offer video content. A recent decision establishes the limits of the VPPA’s reach and provides a well-reasoned ground
Continue Reading Recent Decision Dismissing VPPA Class Action Claim Shows Limits of VPPA’s ReachCalifornia Court Delays Enforcement of CPPA Regulations
On June 30, 2023, a Superior Court of California (County of Sacramento, case number 34-2023-80004106-CU-WM-GDS) held that enforcement of the California Privacy Protection Agency’s (“CPPA”) regulations cannot commence until one year after the finalized date of the regulations. However, the court declined to delay the CPPA’s ability to enforce violations
Continue Reading California Court Delays Enforcement of CPPA RegulationsDelaware General Assembly Passes Personal Data Privacy Act
On June 30, 2023, the Delaware general assembly passed the Delaware Personal Data Privacy Act (“DPDPA”), H.B. 154. This bill resembles the comprehensive privacy statutes in Connecticut, Montana, and the recently passed bill in Oregon, though there are some notable distinctions. If signed into law, Delaware will be
Continue Reading Delaware General Assembly Passes Personal Data Privacy ActOregon Legislature Passes Consumer Privacy Act
On June 22, 2023, the Oregon state legislature passed the Oregon Consumer Privacy Act, S.B. 619 (the “Act”). This bill resembles the comprehensive privacy statutes in Colorado, Montana, and Connecticut, though there are some notable distinctions. If passed, Oregon will be the twelfth state to implement a comprehensive privacy statute
Continue Reading Oregon Legislature Passes Consumer Privacy ActTexas Passes Data Privacy and Security Act
On May 28, 2023, the Texas legislature passed the Texas Data Privacy and Security Act, making it the sixth state to pass a comprehensive data privacy law this year. The Act shares many similarities with Virginia, although there are some distinctions. If signed into law, the Act would take
Continue Reading Texas Passes Data Privacy and Security ActFTC Announces COPPA Settlement Against Ed Tech Provider Including Strict Data Minimization and Data Retention Requirements
On May 22 the Federal Trade Commission (“FTC”) announced a $6 million settlement with Edmodo, an ed tech provider, for violations of the COPPA Rule and Section 5 of the FTC Act. The FTC described this settlement as the first FTC order that will prohibit an ed tech provider from requiring students to provide more personal data than necessary to participate in online activities. The settlement is consistent with the FTC’s policy statement on ed tech issued last May (see our summary of the policy statement here).
Continue Reading FTC Announces COPPA Settlement Against Ed Tech Provider Including Strict Data Minimization and Data Retention RequirementsNYC Artificial Intelligence Rule to Take Effect July 5, 2023: New York City Issues Final Rule Regulating the Use of AI Tools by Employers
The New York City Department of Consumer and Worker Protection (“DCWP”) recently issued a Notice of Adoption of Final Rule (“Final Rule”) relating to the implementation of New York City’s law regulating the use of automated employment decision tools (“AEDT”) by NYC employers and employment agencies.
NYC’s Local Law 144 now takes effect on July 5, 2023. As discussed in our prior post, Local Law 144 prohibits employers and employment agencies from using certain Artificial Intelligence (“AI”) tools in the hiring or promotion process unless the tool has been subject to a bias audit within one year prior to its use, the results of the audit are publicly available, and notice requirements to employees or job candidates are satisfied.
The issuance of DCWP’s Final Rule follows the prior release of two sets of proposed rules in September 2022 and December 2022. The Final Rule’s most significant updates from the December 2022 proposal include an expansion of the definition of AEDTs and modifications to the requirements for bias audits. Key provisions of the Final Rule are summarized below.
Continue Reading NYC Artificial Intelligence Rule to Take Effect July 5, 2023: New York City Issues Final Rule Regulating the Use of AI Tools by EmployersIndiana Passes Comprehensive Privacy Statute
On April 11, the Indiana legislature passed comprehensive state privacy legislation in the form of S.B. 5. S.B. 5 shares similarities with the state privacy laws in Virginia, Connecticut, Colorado, Utah, and most recently Iowa. If signed into law, S.B. 5 would take effect on January 1, 2026. This blog post summarizes the statute’s key takeaways.
Continue Reading Indiana Passes Comprehensive Privacy Statute