Montana recently revised its Genetic Information Privacy Act to address neural data. The law went into effect in 2023, and applies to both entities that offer genetic testing services as well as entities that use genetic...more
The California Privacy Protection Agency announced this month that it, along with six other states, will be forming a new group called the “Consortium of Privacy Regulators.” (The other states are Colorado, Connecticut,...more
Oregon’s Attorney General released a new report this month, summarizing the outcomes since Oregon’s “comprehensive” privacy law took effect six months ago. A six-month report isn’t new: Connecticut released a six month report...more
Many expect that deal activity will increase in 2025. As we approach the end of the first quarter, it is helpful to keep in mind privacy and data security issues that can potentially derail a deal. We discussed this in a...more
Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.”...more
In the waning days of the Biden administration, the FTC published an update to its COPPA Privacy Rule. The status of this update, however, is unclear. The revisions to the rule were posted on the FTC website prior to the...more
The Oregon AG’s Office, along with the state’s Department of Justice, issued guidance late last year on how state laws apply to the ways businesses use AI. The guidance may be two months old, but the cautions are still...more
2/26/2025
/ Artificial Intelligence ,
Bias ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Data Security ,
Oregon ,
Privacy Laws ,
State Privacy Laws ,
Technology Sector ,
Transparency
The New Jersey AG and the Division on Civil Rights’ new guidance on algorithmic discrimination explains how AI tools might be used in ways that violate the New Jersey Law Against Discrimination. The law applies to employers...more
2/24/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Data Privacy ,
Discrimination ,
Employment Discrimination ,
Equal Employment Opportunity Commission (EEOC) ,
Hiring & Firing ,
New Guidance ,
New Jersey ,
State Attorneys General ,
State Labor Laws ,
State Privacy Laws ,
Technology Sector
The California privacy regulator recently settled with a data broker (Key Marketing Advantage LLC) that it alleged had violated the state’s data broker law. Under the Delete Act, data brokers must, among other things,...more
The Ninth Circuit continued the pause on California’s SB 976 (Protecting Our Kids from Social Media Addiction Act) as of late January 2025. The law was signed by Governor Newsom in September 2024, and challenged by NetChoice...more
Following a German case brought against the EU Commission, the EU General Court found that the Commission had made an improper transfer of personal information to the US. The plaintiff, a German citizen, alleged (among other...more
At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with...more
1/29/2025
/ Artificial Intelligence ,
Bots ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Italy ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements
It is hard to believe that another year is upon us! As we have done in years past (including 2023, 2022, 2021, 2020, 2019 and 2018), we have created a comprehensive resource of all our www.eyeonprivacy.com posts from 2024. As...more
1/22/2025
/ Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Online Safety for Children ,
Privacy Laws ,
Regulatory Agenda ,
Risk Management ,
Social Media ,
State Privacy Laws ,
Technology Sector ,
UK
The Colorado AG’s office adopted draft amendments to the Colorado Privacy Act rules last month. The adopted draft reflected input from the public to AG’s September 2024 version and addresses three key issues. First, on...more
In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry. Cybersecurity Audits The proposed rules address...more
In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely...more
12/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
Data Privacy ,
Legislative Agendas ,
Machine Learning ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Agenda ,
Risk Assessment ,
State and Local Government ,
State Privacy Laws ,
Technology
The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from...more
The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft....more
Regulations impacting children’s use of social media continues to be a space in motion the past few months. There have been developments at both the state level, as well as with the FTC. And there is no sign of slowing down....more
11/7/2024
/ COPPA ,
Data Collection ,
Data Privacy ,
Federal Trade Commission (FTC) ,
First Amendment ,
Florida ,
Legislative Agendas ,
Online Safety for Children ,
Parental Consent ,
Privacy Laws ,
Regulatory Agenda ,
Social Media ,
State Legislatures ,
State Privacy Laws
The EDPB released guidance last month to help companies understand their obligations when using newer tracking tools. These include pixels, URL tracking, IP-tracking, and the like. First, some background: an EU law that...more
11/1/2024
/ Accessibility Rules ,
Data Collection ,
Data Privacy ,
Data Protection ,
e-Privacy Directive ,
Electronically Stored Information ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Internet of Things ,
New Guidance ,
Privacy Laws ,
Technology ,
Tracking Systems
2024 seems like it is flying by. For those keeping track of US state “comprehensive” privacy laws you know that October 1 – a week away – brings the effective date of the Montana privacy law. The “big sky” state will join...more
9/24/2024
/ Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Legislative Agendas ,
Montana ,
New Legislation ,
New Regulations ,
Privacy Laws ,
Regulatory Agenda ,
State and Local Government ,
State Legislatures ,
State Privacy Laws
New York Attorney General Letitia James recently released guidance for businesses and consumers about website tracking technologies. The consumer guide provided examples of common cookies, tracking technologies, and how...more
8/23/2024
/ Consumer Protection Laws ,
Cookies ,
Data Privacy ,
Data Protection ,
Data Security ,
Internet Privacy ,
New Guidance ,
New York ,
Privacy Laws ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices ,
Web Tracking ,
Websites
TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the...more
8/2/2024
/ Cell Phones ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
FCC ,
Information Security ,
Privacy Laws ,
Settlement ,
Telecommunications ,
TracFone Wireless ,
Wireless Devices ,
Wireless Industry
Indiana recently amended its breach notification law to include as personal information age verification information collected by adult websites. At the same time, the state passed a new law for adult websites...more
Privacy professionals know “adaptable” programs are important. But what does that really mean? What does it look like? And how do we create one? We know that with the never-ending list of new laws and modifications to...more