Privacy News

  • New York Times vs ChatGPT. The New York Times is considering legal action against OpenAI due to disputes over licensing and intellectual property rights. Negotiations between the two entities over incorporating Times' stories into OpenAI's tools have grown contentious. The newspaper is concerned about ChatGPT's potential to compete directly by generating responses based on its original reporting, raising copyright protection questions in the context of generative AI.
  • Federal Contractors Beware. Congresswoman Nancy Mace has introduced the Federal Cybersecurity Vulnerability Reduction Act, which would compel federal contractors to establish Vulnerability Disclosure Policies (VDPs) based on NIST guidelines.
  • Opt-Out Mechanisms Matter. Experian Consumer Services, a subsidiary of credit agency Experian, will pay a $650,000 civil penalty and adhere to a permanent injunction to settle allegations related to violating the CAN-SPAM Act. The case involved the sending of commercial emails to consumers who had created free Experian accounts, with the emails lacking opt-out mechanisms and violating the CAN-SPAM Act's requirements.
  • Connected Cars and Data Privacy. The California Privacy Protection Agency (CPPA) is turning its attention to connected cars and data privacy. The focus is on ensuring that the data collected and processed by connected cars adheres to privacy regulations and protects consumers' personal information.
  • EU-U.S. Data Privacy Framework Agreement. The European Union (EU) has approved a new privacy agreement regarding the protection of personal data transferred between the EU and the U.S. The agreement aims to address concerns over electronic surveillance and data protection standards, enabling smoother data transfers for companies without additional security measures.
  • Texas Data Privacy and Security Act. The Texas Data Privacy and Security Act (TDPSA) has been passed by the Texas Legislature. It provides rights for Texas consumers to request access to, as well as deletion and correction of, personal data, and aims to protect personal data privacy while exempting small businesses.
  • Florida Digital Bill of Rights. The Florida Legislature has approved a Digital Bill of Rights, which was subsequently signed by Governor DeSantis, focusing on data protection and consumer rights in the digital realm, although further details are not available at this time.
  • PETS (Privacy Enhancing Technologies) In Congress. The U.S. House Committee on Science, Space, and Technology voted 35-0 on a favorable report for House Resolution 4755 on privacy-enhancing technology research. The bill, which is now eligible for full House consideration, aims to "support research on privacy-enhancing technologies and promote responsible data use."
  • $20 Million Fee Proposed Against Telecom Companies. The FCC's Privacy and Data Protection Task Force announced a proposed $20 million fine against Q Link Wireless LLC and Hello Mobile Telecom LLC for potential violations of FCC rules related to the protection of subscribers' personal data. The companies apparently failed to authenticate customers' identities before granting online access to Customer Proprietary Network Information (CPNI), risking the unauthorized access and disclosure of sensitive customer information.
  • Biometrics to Buy Alcohol? State legislatures such as New York are considering bills to allow biometric scans to verify ages for licensed alcohol sales. Verification via the traditional methods such as physical IDs would still be permitted. The proposed bill would allow age verification through scans of biometric features like fingerprints, palm prints, retinas, or facial scans at various venues such as bars, restaurants, and sports events. However, the bill prohibits the sale of any data to third parties and requires encryption of the data.
  • AI Governance and Big Tech. The Biden-Harris Administration is collaborating with leading AI companies like Amazon, Google, Microsoft, and Meta to provide for the safe and responsible development of artificial intelligence (AI) technology. These companies have committed to principles of safety, security, and trust in their AI development, which include rigorous testing before product release, cybersecurity investment, collaboration on risk management, and public reporting on the capabilities and limitations of AI systems.

To Consider

  • Implementation of New Consumer Privacy Laws. Several U.S. states, including California, Colorado, Connecticut, Utah, and Virginia, are implementing new consumer privacy laws throughout 2023. These laws involve stringent data protection standards and various obligations for controllers and processors of personal data. Consider consulting with privacy experts to stay on top of compliance with the various obligations imposed by these privacy laws.
  • Next Up. Utah's Consumer Privacy Act (UCPA) will become effective on December 31, 2023. The UCPA applies to businesses with annual revenue of $25 million or more that meet certain thresholds related to consumer data processing. The UCPA grants consumers rights including access, deletion, data portability, and opt-out of certain processing, with enforcement overseen by the attorney general.
  • U.S. Federal Privacy Legislation and Bills. The landscape of U.S. federal privacy legislation in 2023 is marked by both new and reintroduced bills aimed at consumer privacy. These include bills like the Data Care Act of 2023 and the Online Privacy Act of 2023, with the former imposing duties on online service providers for cybersecurity and consumer data protection, and the latter proposing comprehensive consumer privacy rights and business obligations.
  • FTC/HHS Warns of Privacy Risks from Online Tracking Technologies. The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) have jointly cautioned hospitals and telehealth providers about potential privacy and security risks related to the use of online tracking technologies on their websites or apps that could inadvertently expose consumers' sensitive health data to third parties.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.