And Utah Makes 4—Beehive State Passes Consumer Privacy Law (UPDATED)
Update March 31, 2022: Utah Governor Spencer Cox signed the bill into law March 24, 2022. With passage of the Utah Consumer Privacy Act (UCPA), Utah will become the fourth state to adopt omnibus...
View ArticleEuropean Commission Releases Additional Guidance on SCCs for International...
On May 25, 2022, the European Commission announced the release of a new guidance document relating to standard contractual clauses (SCCs) and international data transfers. The guidance is included in a...
View ArticleFirst Circuit Splits on Whether Warrantless Pole-Mounted Video Surveillance...
Last week, the First Circuit issued a decision that could be destined for Supreme Court review, but that nonetheless will immediately impact the course of criminal defendants' Fourth Amendment rights,...
View ArticlePrivacy in a Post-Roe World: What Businesses of All Types Should Consider
Following the U.S. Supreme Court's decision in Dobbs v. Jackson Women's Health Organization overruling Roe v. Wade, businesses and organizations that process personal data—including those outside the...
View ArticleFTC Issues Advance Notice of Proposed Rulemaking on Commercial Surveillance...
The Federal Trade Commission (FTC) may have just taken its first steps towards the creation of generally applicable federal privacy and security rules. On Aug. 11, 2022, the FTC published an advance...
View ArticleFTC Proposed "Commercial Surveillance and Data Security" Rulemaking Raises...
The Federal Trade Commission has formally launched a rulemaking proceeding that nominally is focused on consumer privacy issues, but actually raises significant questions about the impact of artificial...
View ArticleNIST Releases Second Draft of AI Risk Management Framework
On August 18, the National Institute of Standards and Technology (NIST) released a second draft of its Artificial Intelligence Risk Management Framework (the Second Draft) for public comment. The first...
View ArticleCA Attorney General Settles With Online Retailer That Failed to Disclose...
The Office of the California Attorney General (OAG) announced on August 24, 2022, a settlement with Sephora, Inc., as part of a recent enforcement sweep of online retailers. OAG alleged Sephora...
View ArticleFTC Sues Data Broker Over Sales of Geolocation Data
On August 29, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint in Idaho federal district court against Kochava Inc., a data broker, seeking injunctive relief on account of...
View ArticleA First Look at the Colorado Privacy Act Proposed Rules
The Colorado Attorney General's Office has published its much-anticipated proposed rules (Proposed Rules) implementing the Colorado Privacy Act (CPA), which, as we discussed in an earlier blog post,...
View ArticleNew Executive Order Paves Way for Streamlined International Data Transfers
In March 2022, the US and EU announced they had agreed in principle to a new Trans-Atlantic Data Privacy Framework (Framework) intended to simplify transfers of personal information. After months of...
View ArticleEU's Proposed AI Liability Directive Sets Procedural Rules for Litigating...
On September 28, 2022, the European Commission published its Proposal for an Artificial Intelligence Liability Directive. See European Commission, Proposal for a Directive on adapting non-contractual...
View ArticleEuropean Commission Proposes AI-Related Revisions to EU Product Liability...
On September 28, 2022, the European Commission published its proposal for a directive to amend the existing European Union (EU) Product Liability Directive that provides a system for compensating...
View ArticleNew York City Revises Audit Rules for AI-Enabled Systems Used in Hiring and...
In late December, the New York City Department of Consumer and Worker Protection (DCWP or Department) issued revised rules to implement New York City Local Law 144 of 2021, which mandates bias audits...
View ArticleFCC Broadband Data Collection Filing Window Closes March 1, 2023
The FCC Broadband Data Task Force announced that the second Broadband Data Collection (BDC) filing window opened on January 3, 2023, and the required data submissions may be made at any time up until...
View ArticleFCC Proposes New Rules for CPNI Data Breach Reporting
The Federal Communications Commission ("FCC" or "Commission") has released its long-awaited Notice of Proposed Rulemaking ("NPRM") proposing to revise data breach reporting requirements for...
View ArticleNIST Releases Final Risk Management Framework for Developing Trustworthy AI
On January 26, 2023, the National Institute of Standards and Technology (NIST) released the final version of its AI Risk Management Framework (RMF)....By:
View ArticleFCC Taskforce Provides Guidance on BSL Fabric Challenges
The FCC Broadband Data Taskforce recently released recommendations on best practices to submit bulk challenges to the Broadband Serviceable Location Fabric (BSL Fabric). The BSL Fabric is a dataset of...
View ArticleRecent Decisions Interpreting Illinois Biometrics Law Could Create "Ruinous...
One can scarcely browse the internet without encountering a story on the use of Artificial Intelligence (AI) by businesses or websites. While recently most attention has focused on generative AI and...
View ArticleCPPA Solicits Comments on Cyber Audits, Risk Assessment and AI Tech
The California Privacy Protection Agency ("CPPA" or "Agency") is seeking preliminary comments on proposed rulemaking for risk assessments and cybersecurity audits for higher-risk data processing...
View ArticleGenerative AI, ChatGPT Undergoing Heightened Regulatory Scrutiny
Regulators, both in the United States and around the globe, are showing greater concern about the potential risks of using generative artificial intelligence (AI) systems for commercial and business...
View ArticleDepartment of Commerce’s NTIA Sets Sights on Developing Federal AI...
On April 11, 2023, the Department of Commerce, through the National Telecommunications and Information Administration (NTIA), issued a request for comments (RFC) on AI system accountability measures...
View ArticleNew Washington Law Has Broad Implications For Protecting Consumer Health Data...
On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer...
View ArticleTennessee Information Protection Act Is Signed Into Law
The Tennessee Information Protection Act (TIPA) passed unanimously through both houses of the Tennessee legislature and was signed by Governor Bill Lee on May 11, 2023. Tennessee joins seven states in...
View ArticleItaly's Data Protection Agency Lifts Ban on ChatGPT
Italy's Data Protection Agency (DPA) lifted a temporary ban on ChatGPT's operations in Italy after OpenAI, the purveyor of the generative AI system, agreed to implement a series of changes to its...
View ArticleMontana Consumer Data Privacy Act Signed Into Law
Montana is the ninth state to enact a comprehensive consumer data privacy law - Montana Governor Greg Gianforte signed the Montana Consumer Data Privacy Act (MTCDPA) on May 19, 2023, after unanimous...
View ArticleFTC Articulates Consumer Privacy Concerns – Potential Misuse of Biometric...
On May 18, 2023, the Federal Trade Commission (FTC) issued a policy statement warning that the proliferation of technologies that use or claim to use biometric information may bring risks with regard...
View ArticleFlorida Digital Bill of Rights Signed Into Law
The Florida Digital Bill of Rights (FDBR) was signed into law by Governor Ron DeSantis on June 6, 2023, making Florida the tenth state to enact a consumer data privacy law along with California,...
View ArticleEuropean Parliament Approves Amendments to Expand the Scope of EU AI Act
On June 14, 2023, the European Parliament approved amendments to the European Union (EU) Artificial Intelligence Act (AI Act or AIA) ("Parliament Proposal"). The AIA is the EU's primary proposed...
View ArticleConnecticut Expands Regulation of Consumer Data Privacy
The Connecticut legislature passed and the governor recently signed amendments to the Connecticut Data Privacy Act (CTDPA), the state's comprehensive consumer data privacy law, which goes into effect...
View ArticleTexas Data Privacy and Security Act – An Overview
The Texas Data Privacy and Security Act (TDPSA) became law on June 16, 2023. Texas becomes the 11th state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado,...
View ArticleEuropean Commission Approves EU-U.S. Data Privacy Framework, Paving Way for...
Swiftly on the heels of the U.S. announcing it fulfilled its commitments for implementing the EU-U.S. Data Privacy Framework (the Framework), the European Commission (the EC) formally recognized that...
View ArticleOregon Consumer Privacy Act Signed Into Law
Oregon becomes the 12th state with a comprehensive consumer data privacy law - The Oregon Consumer Privacy Act (OCPA) became law on July 18, 2023. Oregon is the twelfth state to enact a comprehensive...
View ArticleChina's Cyberspace Administration Releases "Interim" Rules Regulating the Use...
The Cybersecurity Administration of China ("CAC") and six other agencies jointly promulgated Interim Measures for the Administration of Generative Artificial Intelligence Services ("Generative AI...
View ArticleU.S. District Court Holds That BIPA's Liquidated Damages Are Discretionary
The U.S. District Court for the Northern District of Illinois, Eastern Division, issued an order on June 30, 2023, that may substantially alter the risk exposure for entities sued for violations of the...
View ArticleFEC Considers Possible Restrictions on AI and Deepfakes in Campaign Ads
On August 16, 2023, the Federal Election Commission (FEC) published a Notice of Availability of Petition for Rulemaking (Notice) seeking comment on whether it should initiate a formal rulemaking to...
View ArticleFederal Court Dismisses Newsletter Subscriber’s VPPA Claim: Not a "Consumer"
Although a digital subscriber to an online newsletter may have standing to sue under the Video Privacy Protection Act ("VPPA"), 18 U.S.C. § 2710(b)(1), if the newsletter subscription contains no...
View ArticleHere We Go Again — FCC Proposes to Revive Net Neutrality Rules
On Monday this week, Anna Gomez was formally sworn in as the FCC's fifth commissioner, bringing the Commission back to its full complement and giving Chairwoman Rosenworcel a third Democratic vote. The...
View ArticleWhite House Ushers in New Era of Regulation With Landmark Executive Order on...
The AI executive order moves the U.S. closer to a broader unified approach on federal AI regulation, expanding on the AI Bill of Rights and NIST AI Risk Management Framework and focusing on the...
View ArticleFCC Revises CPNI and LNP Rules to Combat SIM Swap and Port-Out Fraud
On November 16, 2023, the Federal Communications Commission ("FCC" or "Commission") released a Report and Order and Further Notice of Proposed Rulemaking ("Order and FNPRM") revising the FCC's Customer...
View ArticleFCC's Expansive New Rules Prohibiting "Digital Discrimination" in Broadband...
On November 20, 2023, as required by Section 60506 of the Infrastructure Investment and Jobs Act of 2021 (Infrastructure Act), 47 U.S.C. § 1754, the Federal Communications Commission issued a Report...
View ArticleNew Jersey Governor Signs Comprehensive Privacy Law
On January 16, 2024, New Jersey Governor Phil Murphy signed into law Senate Bill 322 ("the Act"), making New Jersey the fourteenth state to enact a comprehensive consumer data privacy law, joining...
View ArticleNIST Seeks Public Comment on Developing Standards and Guidelines for...
Key Areas for Comment in the Request for Information - Developing guidelines, standards, and best practices for AI safety and security. Developing a companion resource to the Risk Management Framework...
View ArticleEU Unanimously Approves Comprehensive Artificial Intelligence Act
On February 2, 2024, representatives from the European Union (EU) member states formally approved the final text of the EU Artificial Intelligence Act (the Act), which will be subject to final...
View ArticleWho's Liable for Deepfakes? FTC Proposes To Target Developers of Generative...
Late last week, the FTC released a notice seeking comment on a proposed rule that could create potential liability for generative AI developers. Specifically, the agency is requesting comments on a new...
View ArticleLand of 10,000 Data Lakes: Minnesota Consumer Data Privacy Act Signed Into Law
On May 25, 2024, Minnesota Governor Tim Walz signed the Minnesota Consumer Data Privacy Act (the "Act"), which takes effect on July 31, 2025, for most controllers and on July 31, 2029, for certain...
View ArticleFCC’s Net Neutrality Redux: Safeguarding and Securing the Open Internet
On May 7, 2024, the Federal Communications Commission (FCC) issued its latest network neutrality order, Safeguarding and Securing the Open Internet (the "Order"), which was published in the Federal...
View ArticleEmpire State of Minding the Minors: New York Laws Aim To Ensure Children’s...
On June 7, 2024, the New York Legislature passed two bills to protect children online. The Stop Addictive Feeds Exploitation (SAFE) for Kids Act, S7694A, prohibits social media platforms from providing...
View ArticleIllinois Revises Biometrics Law To Reduce the Prospect of "Ruinous" Damage...
In a major change to a law that produced extraordinarily high damages claims and settlements, the Illinois General Assembly amended the Biometric Information Privacy Act (BIPA) to substantially reduce...
View ArticleCalifornia Governor Signs AI Governance Measures into Law—But Vetoes...
Governor Newsom has vetoed SB 1047 but signed into law three other laws regulating the development and deployment of certain artificial intelligence (AI) tools. As explained in detail in our prior...
View Article