Here are eight recent developments in privacy law you should consider as you get ready for the holidays.
Don’t Lie on Your AI
- The U.S. Federal Trade Commission recently issued a new enforcement action on AI “Greenwashing.”
- Make sure any AI-related marketing claims you make are accurate.
Data Brokers and Sensitive Information
- The FTC recently issued new enforcement actions on sensitive location, demonstrating the FTC’s strong stance on this topic. It also could hint at what the Trump Administration’s FTC will care about.
- The Consumer Financial Protection Bureau initiated NPRM for rules on situations that put data brokers inside scope for Fair Credit Reporting Act.
- CCPA amended its definition of “broker,” putting more companies in its scope than before
Privacy Notices
- The Texas Attorney General recently issued new notices of potential violation of the new Texas privacy law. If cured, these will not lead to enforcement.
- Interesting focus on clarity in privacy disclosures. It’s not enough to check boxes regarding what you need to disclose. It’s important that people be able to readily understand what you do with their data, and with whom you share that information.
New Rules for the Colorado Privacy Act
Kids Online Safety Act
- U.S. Senator Ted Cruz recently submitted the Kids Online Safety Act.
- Children’s federal legislation is on the horizon.
AI Legal Basis
- European regulators are struggling to figure out the right legal basis to make training AI with persona data possible.
- It is even more difficult when there might be some sensitive data involved.
Baltics on Short Term Car Rental
- Privacy disclosures and data minimization are under the spotlight in short term car rentals.
- So is data minimization and data retention.
Significant Fine in Germany
- Data retention limitation failures resulted in a 900,000 EUR fine in Germany.
- Companies subject to U.S. laws are equally in scope as retention limitation is required by the U.S. State Privacy laws, and has been enforced in by the FTC as well.
- Of particular note, if you have a data breach, and old data is impacted, the regulators have and will react.