On October 30, 2023, President Biden signed an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (the “Order”). The Order is the most comprehensive federal policy on AI to date and covers a wide range of topics. It sets new standards for AI safety and security, addresses how AI developments could impact individuals’ privacy and civil rights, discusses how the U.S. can continue to be a leader in AI innovation and competition, and much more. This Order closely follows the July 21, 2023, announcement by the Biden administration that seven major AI companies, Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and Open AI, voluntarily agreed with the administration to place more guardrails around the development and deployment of AI. The Order has many implications for companies that are developing and deploying AI systems:Continue Reading Biden’s Executive Order and Its Possible Effects on Companies Developing and Deploying AI Systems

On Monday, May 22, the European Data Protection Board (EDPB) published a decision hitting Meta, parent of Facebook, WhatsApp, and Instagram, with a €1.2b ($1.3b) fine for impermissibly transmitting personal information from the European Economic Area (EEA) to the United States. The EDPB described Meta’s activities as “serious” and including “transfers that are systematic, repetitive, and continuous,” and it stated that the fine was intended to serve as a “strong signal to organizations that serious infringements have far-reaching consequences.”Continue Reading How Much Forgiveness Does $1.3 Billion Buy in the EU?

Continuing the state-by-state legislative trend, three more state legislatures; Indiana, Montana, and Tennessee (via their respective “Acts”); have passed comprehensive data privacy laws. Even while a federal comprehensive data privacy law remains elusive, these laws join the patchwork of data privacy laws in California, Colorado, Connecticut, Iowa, Utah, and Virginia. Below are some highlights from these Acts:Continue Reading The Patchwork Continues… Montana, Tennessee, and Indiana Pass Comprehensive Data Privacy Laws

On April 18, 2023, the Washington legislature passed the My Health My Data Act (the “Health Act”), a broad-sweeping data privacy and protection law governing individual personal health data. Although this bill is pending Governor Jay Inslee’s signature, the privacy community expects signature this year and braces itself for this novel law.Continue Reading An “Apple A Day” Does Not Keep Washington Regulators and Consumers Away: Washington Passes My Health My Data Act

The Genesis of Three Competing Federal Bills

In 2018, there were numerous congressional and industry proposals aimed at addressing privacy on the federal level. Although none ever crystalized as federal law, the sheer number of lawmakers introducing proposals and getting involved in the debate made clear that privacy would be a focus in 2019. As 2019 began, there was hope that the various state privacy statutes being enacted and debated were putting even more pressure on the federal government to enact bipartisan federal privacy legislation. The California Consumer Privacy Act’s (CCPA) January 1, 2020 go-live date also seemed to be increasing pressure on Congress to act. Nowhere was the combination of hope and pressure more pronounced than in the Senate Committee on Commerce, Science, and Transportation. Throughout 2019, bipartisan discussions on federal privacy legislation seemed to be progressing. Those talks ultimately broke down towards the end of 2019 and resulted in three separate, rival legislative proposals: COPRA, CDPA, and CDPSA.
Continue Reading Federal Privacy Legislation: Where Are We and Where Are We Going?

The Federal Trade Commission (FTC) has released its annual Privacy and Data Security Update, which highlights the FTC’s activities during the past year. The FTC, the U.S. agency tasked with a unique dual mission to protect consumers and promote competition, detailed its record year for enforcement actions aimed at protecting consumer privacy and data security.

The FTC’s primary enforcement authority comes from Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices in the marketplace. The FTC also has authority to enforce a variety of industry-specific laws, including the Gramm-Leach-Bliley Act, the Truth in Lending Act, the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act, the Children’s Online Privacy Protection Act (COPPA), the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act. The FTC has used its authority to address a wide range of practices affecting consumers, including those that come with the development of new technologies and business models.
Continue Reading FTC Releases Annual Privacy and Data Security Update

Chicago based  attorneys Cinthia Granados Motley and Ashley Jackson were published on Law360 February 7, 2017. The article, “10 Ways To Avoid Wrongful Collection Of Data Claims,” discusses tips by using the who, what, where, when and why of consumers to help answer the most asked questions.