The Texas Data Privacy and Security Act (TDPSA) became law on June 16, 2023. Texas becomes the 11th state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa,...more
7/7/2023
/ Biometric Information ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Non-Discrimination Rules ,
Notice Requirements ,
Opt-Outs ,
Popular ,
Private Right of Action ,
Reporting Requirements ,
SBA ,
Sensitive Personal Information ,
Small Business ,
State Privacy Laws ,
Texas
The Connecticut legislature passed and the governor recently signed amendments to the Connecticut Data Privacy Act (CTDPA), the state's comprehensive consumer data privacy law, which goes into effect July 1, 2023. Some...more
7/3/2023
/ Confidential Information ,
Connecticut ,
Data Privacy ,
Email ,
Enforcement Actions ,
Minors ,
New Amendments ,
Personal Data ,
PHI ,
Sensitive Personal Information ,
Social Media
On June 14, 2023, the European Parliament approved amendments to the European Union (EU) Artificial Intelligence Act (AI Act or AIA) ("Parliament Proposal"). The AIA is the EU's primary proposed framework to regulate AI...more
The Florida Digital Bill of Rights (FDBR) was signed into law by Governor Ron DeSantis on June 6, 2023, making Florida the tenth state to enact a consumer data privacy law along with California, Virginia, Colorado,...more
6/9/2023
/ Biometric Information ,
Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Collection ,
Data Protection ,
Data Retention ,
Data Selling ,
Disclosure Requirements ,
Enforcement ,
Facial Recognition Technology ,
Florida ,
New Legislation ,
Notice Requirements ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Rulemaking Process ,
Sensitive Personal Information ,
Social Media
On May 18, 2023, the Federal Trade Commission (FTC) issued a policy statement warning that the proliferation of technologies that use or claim to use biometric information may bring risks with regard to consumer privacy and...more
6/2/2023
/ Biometric Information ,
Data Collection ,
Data Security ,
Deep Fake ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Fingerprints ,
FTC Act ,
Innovative Technology ,
Section 5 ,
Unfair or Deceptive Trade Practices
Montana is the ninth state to enact a comprehensive consumer data privacy law -
Montana Governor Greg Gianforte signed the Montana Consumer Data Privacy Act (MTCDPA) on May 19, 2023, after unanimous passage through the...more
Italy's Data Protection Agency (DPA) lifted a temporary ban on ChatGPT's operations in Italy after OpenAI, the purveyor of the generative AI system, agreed to implement a series of changes to its online notices and privacy...more
The Tennessee Information Protection Act (TIPA) passed unanimously through both houses of the Tennessee legislature and was signed by Governor Bill Lee on May 11, 2023. Tennessee joins seven states in enacting a comprehensive...more
5/16/2023
/ Biometric Information ,
Consumer Privacy Rights ,
Controlled Substances Act ,
COPPA ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
Gramm-Leach-Blilely Act ,
HCQIA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
New Legislation ,
NIST ,
Noncompliance ,
Personal Information ,
State Privacy Laws ,
Title V
On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more
5/2/2023
/ Business Associates ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
PHI ,
Private Right of Action
On April 11, 2023, the Department of Commerce, through the National Telecommunications and Information Administration (NTIA), issued a request for comments (RFC) on AI system accountability measures and policies. The “AI...more
Regulators, both in the United States and around the globe, are showing greater concern about the potential risks of using generative artificial intelligence (AI) systems for commercial and business purposes. The Federal...more
The California Privacy Protection Agency ("CPPA" or "Agency") is seeking preliminary comments on proposed rulemaking for risk assessments and cybersecurity audits for higher-risk data processing activities, and consumer...more
One can scarcely browse the internet without encountering a story on the use of Artificial Intelligence (AI) by businesses or websites. While recently most attention has focused on generative AI and the increasing use of chat...more
The FCC Broadband Data Taskforce recently released recommendations on best practices to submit bulk challenges to the Broadband Serviceable Location Fabric (BSL Fabric). The BSL Fabric is a dataset of geographic coordinates...more
On January 26, 2023, the National Institute of Standards and Technology (NIST) released the final version of its AI Risk Management Framework (RMF). ...more
The Federal Communications Commission ("FCC" or "Commission") has released its long-awaited Notice of Proposed Rulemaking ("NPRM") proposing to revise data breach reporting requirements for telecommunications carriers and...more
The FCC Broadband Data Task Force announced that the second Broadband Data Collection (BDC) filing window opened on January 3, 2023, and the required data submissions may be made at any time up until the deadline of March 1,...more
In late December, the New York City Department of Consumer and Worker Protection (DCWP or Department) issued revised rules to implement New York City Local Law 144 of 2021, which mandates bias audits of AI-enabled systems...more
On September 28, 2022, the European Commission published its proposal for a directive to amend the existing European Union (EU) Product Liability Directive that provides a system for compensating people who suffer physical...more
On September 28, 2022, the European Commission published its Proposal for an Artificial Intelligence Liability Directive. See European Commission, Proposal for a Directive on adapting non-contractual civil liability rules to...more
In March 2022, the US and EU announced they had agreed in principle to a new Trans-Atlantic Data Privacy Framework (Framework) intended to simplify transfers of personal information. After months of waiting for the final...more
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post, was enacted on July 7,...more
On August 29, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint in Idaho federal district court against Kochava Inc., a data broker, seeking injunctive relief on account of alleged violations of...more
The Office of the California Attorney General (OAG) announced on August 24, 2022, a settlement with Sephora, Inc., as part of a recent enforcement sweep of online retailers. OAG alleged Sephora violated the California...more
On August 18, the National Institute of Standards and Technology (NIST) released a second draft of its Artificial Intelligence Risk Management Framework (the Second Draft) for public comment. The first draft was released in...more