Key Takeaways:

  • The Minnesota Consumer Data Privacy Act (the “Act”) follows established trends regarding transparency, data minimization, and required assessments, but represents the next evolution in consumer rights under U.S. state-by-state privacy legislation.
  • The Act provides consumers with special rights related to profiling, that is, automated processing of personal data to evaluate, analyze, or predict personal aspects of an individual, including through AI, not found in other state laws.
  • The Act requires covered organizations to adapt and expand their existing compliance programs in order to respond to these new consumer rights.

Summary:

Starting July 31, Minnesota will join the growing list of U.S. states with its own comprehensive consumer data privacy law, but with a key difference. Signed into law in 2024, the Minnesota Consumer Data Privacy Act follows the broader national trend toward stronger data protection and use standards. Like other U.S. state privacy laws, the Act requires covered organizations to:

Continue Reading The Minnesota Consumer Data Privacy Act Is the Next Evolution in Consumer Privacy Rights

Takeaways

  • Increased federal deregulation and related actions are further destabilizing the already tenuous foundation of the Data Privacy Framework (DPF). European privacy regulators have been issuing guidance indicating that they expect a European pull-back from the DPF.
  • Businesses that rely on the DPF should maintain their certification, but should move now to prepare to activate alternative data transfer mechanisms, such as the standard contractual clauses, and update lapsed transfer and data privacy impact assessments.
  • Review current cloud-storage arrangements and consider regionalizing European data storage to avoid EU-to-U.S. data transfers, especially if your cloud provider is relying on DPF certification to legitimize GDPR data transfers.

After years of litigation, false starts, and invalidated frameworks, the U.S. had finally achieved a simplified path for GDPR compliant transfers of personal data from Europe. However, European reaction to the recent changes on the U.S. side of the pond indicates a wavering in the support of the EU-U.S. Data Privacy Framework (DPF) and threatens to send the U.S. back into the data transfer dark ages.

Continue Reading Status Check: Support Is Quickly Eroding for the EU-U.S. Data Privacy Framework

We’re not playing horseshoes here, folks. It’s time to review your consumer privacy rights forms and mechanisms.

Key Takeaways

  • The fields relating to requests to opt-out of sale/sharing and requests to limit should only solicit the information strictly necessary to complete the request, which is likely less than the other more substantive requests (like access and delete). This applies to authorized agent opt-out requests as well.
  • For the more substantive requests (like access and delete), re-evaluate how much information is actually necessary for you to fulfill the consumer’s request. Ensure your form is not asking for anything extraneous.
  • Review your cookie consent toggles to ensure that the exact number of steps are involved in opting-out of certain cookies as they are for opting-in.
  • Ensure you have CCPA-compliant contracts with your advertising technology providers saved in your files.
Continue Reading Close Enough Is Not Good Enough When It Comes to Consumers’ Privacy Rights

Takeaways

  • Conflicting court rulings regarding the retroactivity of the BIPA Amendment create significant legal ambiguity for businesses facing pending lawsuits.
  • It is crucial for businesses to stay informed about ongoing BIPA litigation developments, as outcomes could have substantial financial implications.

While enacted in 2008, the Illinois Biometric Information Privacy Act (“BIPA”) did not emerge as a significant source of litigation until nearly 10 years later. From 2015 to 2023, there was nearly a 7,000% increase in BIPA claims. Although this snowball effect can be partially attributed to the rapid evolution of biometric technologies, a series of Plaintiff-friendly decisions also spurred BIPA filings. With recent developments on the legislative front and in the courtroom, has BIPA litigation finally reached its peak?

Continue Reading Interpretation of BIPA Amendment Splits the Courts: Implications for Businesses

As AI continues to advance at a rapid pace, two notable foreign players have emerged: DeepSeek and Qwen. These powerful AI models, developed by a Chinese lab and Alibaba, respectively, have garnered attention for their impressive capabilities and potential to disrupt the AI industry. However, alongside their technological prowess comes a host of privacy concerns that warrant closer examination. This article delves into the privacy pitfalls associated with these AI models and explores the implications for users and the broader AI ecosystem.

Continue Reading Privacy Pitfalls in AI: A Closer Look at DeepSeek and Qwen

Takeaways

  • Human Authorship is Essential for Copyright Protection
  • AI as an Assistive Tool Does Not Negate Copyright Eligibility
  • Transparency in Disclosures is Crucial

The U.S. Copyright Office has released Part 2 of its comprehensive report on AI, delving into the complex issue of copyrightability for works created using generative AI systems. This eagerly anticipated report addresses the fundamental questions surrounding human authorship, creative control, and copyright protection in an era of rapidly advancing AI technologies. As generative AI continues to reshape creative industries, the Copyright Office’s findings provide crucial guidance on how existing copyright law applies to AI-assisted and AI-generated works.

In its report, the Copyright Office reaffirms several fundamental principles while providing clarity on how existing copyright law applies to works involving AI. Key findings from the report include

Continue Reading The Future of Creativity: U.S. Copyright Office Clarifies Copyrightability of AI-Generated Works

In Greek mythology, Sisyphus was punished by Hades for cheating death (twice) by forcing him to roll an immense boulder up a hill only for it to roll back down every time it neared the top. AI stakeholders know the feeling. Attempting to keep pace with the downpour of artificial intelligence-related regulation, guidance, rules and requirements emerging over the past two years feels like a mythical challenge.

At any point in time, there are 50 U.S. states, five inhabited territories, the White House, a federal district, a dozen federal agencies, a hundred-odd state agencies and a couple thousand municipalities all tackling the same question: what are the rules for a safe, legal and generally non-evil deployment of artificial intelligence tools?

Different regulators have come up with different answers to that question. What have they focused on so far?

Continue Reading Understanding Trends in AI Legislation

Colorado just became the first U.S. state to pass a law (Senate Bill 24-205 “SB 24-205” or the “CAIA”) regulating consumer harms arising out of artificial intelligence (“AI”). While the CAIA will not go into effect until February 2026, it is part of a growing trend in the U.S., including, most notably, the White House’s guidance on “Algorithmic Discrimination Protections” published at the end of 2023.

Continue Reading Colorado’s Artificial Intelligence Act (CAIA) – The First U.S. State Law Regulating Consumer Harms Arising Out of AI

The American Data Privacy and Protection Act (ADPPA), proposed in 2022, is no more. The relay race of proposed federal privacy legislation has now entered its final leg with the American Privacy Rights Act (APRA).

Continue Reading Federal Privacy Legislation Is Inching Toward the Finish Line With the American Privacy Rights Act

That whistling sound you hear may not be an old-school newspaper walking past a graveyard—it may well be an AI industry-killing asteroid. On December 27, 2023, the New York Times filed a groundbreaking suit against OpenAI and Microsoft. The Times alleged copyright infringement, vicarious copyright infringement, contributory copyright infringement, violations of the Digital Millennium Copyright Act’s prohibition on removing copyright management, unfair competition, and trademark dilution. The 69-page, 204-paragraph complaint, filed in the Southern District of New York, alleges, among many other things, that:

Continue Reading Will the New York Times Take Down Large Language Models?