Last week was a busy one for AI regulation. The week started and ended with big news from Colorado: on Monday, Colorado’s legislature passed “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (SB 24-205) (Colorado AI Law) and, on Friday, Governor Jared Polis (D) signed the Colorado AI Law “with reservations” according to his letter to Colorado’s legislature. Although the Colorado legislature is the first U.S. lawmaker to pass general AI legislation, Colorado’s Governor has expressly invited Congress to replace the Colorado AI Law with a national regulatory scheme before the Colorado AI Law’s February 1, 2026, effective date.

Continue Reading All Eyes on AI: Colorado Governor Throws Down the Gauntlet on AI Regulation After Colorado General Assembly Passes the Nation’s First AI Law

Last week, the Illinois House of Representatives joined the Illinois Senate in passing amendments to the state’s Biometric Information Privacy Act (“BIPA”) to limit the scope of possible damages for violations of BIPA. As covered extensively here on PW, last year in Cothron v. White Castle, the Illinois Supreme Court held that an individual person accrues a separate statutory claim each time a defendant collects or discloses the individual’s biometric information in violation of BIPA. While the dissent in Cothron accurately observed that the combination of statutory damages and “per-scan” accrual meant that businesses could face “punitive, crippling liability . . . wildly exceeding any remotely reasonable estimate of harm,” the Cothron majority determined that “concerns about potentially excessive damage awards under the Act are best addressed by the legislature.”

Continue Reading Illinois Legislature to Amend BIPA to Overrule Illinois Supreme Court Damages Decision

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Arbitration Provider JAMS Creates New Mass Arbitration Procedures | Privacy World

OneTrust DataGuidance Publishes Team SPB’s Comparison of the Kentucky, Maryland and Nebraska Consumer Privacy Laws – Part 1 | Privacy World

Are You Ready for July 1? Florida, Oregon, and Texas on Deck | Privacy World

Singapore Looks to Tighten Corporate Disclosures of Directors’ Personal Data | Privacy World

Employers and Insurance Companies Continue To Be Targeted with Deluge of Claims Under the Illinois Genetic Information Privacy Act | Privacy World

FCC Fines National Mobile Providers for Sharing Customer Location Information: What Are the Lessons and What to Expect in this New Era of FCC Mobile Data Privacy Oversight | Privacy World

Congress Could Disrupt Prevailing State Law Approach to Online Ads | Privacy World

Squire Patton Boggs Lawyers to Present on Several Upcoming Webinars and Events | Privacy World

Earlier this month, arbitration services provider JAMS announced that it created a new set of Mass Arbitration Procedures and Guidelines (“Mass Procedures”) for use in mass arbitrations.  Like competitor American Arbitration Association’s (“AAA”) update to its mass arbitration supplementary rules (“AAA Supplementary Rules”) earlier this year, JAMS’s new procedures include some features that may mitigate some of the more abusive practices common to mass arbitrations, but do not fully eliminate the risks posed by mass arbitrations.  Read on for an overview of these new procedures and the accompanying fee schedule.

Continue Reading Arbitration Provider JAMS Creates New Mass Arbitration Procedures

PrivacyWorld is pleased to report that the first part of a two-part article comparing Kentucky, Maryland and Nebraska’s new consumer privacy laws was published by OneTrust Data Guidance. These three state privacy laws were the 3rd, 4th and 5th laws enacted in 2024, following the new consumer privacy laws in New Hampshire and New Jersey enacted in January.

Continue Reading OneTrust DataGuidance Publishes Team SPB’s Comparison of the Kentucky, Maryland and Nebraska Consumer Privacy Laws – Part 1

Privacy pros know that tracking all the US consumer privacy laws is a challenge. The Privacy World team is here to help. In this post, we’ve collated information and resources regarding the consumer privacy laws in Texas, Oregon and Florida – all three of which are effective as of July 1, 2024. While the Florida privacy law’s status as an “omnibus” consumer privacy law is debatable given its narrow applicability and numerous carveouts, we’ve included it in this post for completeness. We’ve also provided a list of effective dates for the other state consumer privacy laws enacted but not yet in effect and some compliance approaches for your consideration.

Continue Reading Are You Ready for July 1? Florida, Oregon, and Texas on Deck

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Singapore Looks to Tighten Corporate Disclosures of Directors’ Personal Data | Privacy World

Employers and Insurance Companies Continue To Be Targeted with Deluge of Claims Under the Illinois Genetic Information Privacy Act | Privacy World

FCC Fines National Mobile Providers for Sharing Customer Location Information: What Are the Lessons and What to Expect in this New Era of FCC Mobile Data Privacy Oversight | Privacy World

Congress Could Disrupt Prevailing State Law Approach to Online Ads | Privacy World

Squire Patton Boggs Lawyers to Present on Several Upcoming Webinars and Events | Privacy World

California Privacy Regulator Holds Townhall Sessions On Draft Rules | Privacy World

When the EDPB is Weaponized, It Is Our Privacy That Is at Risk | Privacy World

Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court | Privacy World

Singapore Progresses Towards Amended Cybersecurity Law | Privacy World

Heavyweight Fight, Did the US or EU KO the AI Treaty? | Privacy World

Are you Ready for Washington and Nevada’s Consumer Health Data Laws? | Privacy World

On 7 May 2024, Singapore’s Parliament introduced an Accounting and Corporate Regulatory Authority of Singapore (ACRA) Registry and Regulatory Enhancements Bill (Bill), which will limit public disclosures of company directors’ residential addresses on the business registry in Singapore.

Continue Reading Singapore Looks to Tighten Corporate Disclosures of Directors’ Personal Data

The Illinois Genetic Information Privacy Act, 410 ILCS 513/1, et seq. (“GIPA”), which was passed in 1998 and amended in 2008, had until recently received little attention from the plaintiffs’ bar. That changed last August, after a court granted certification in a federal GIPA class action involving alleged unauthorized disclosure of consumers’ genetic information to unknown third-party developers by a website that sold DNA analysis reports. See Melvin v. Sequencing, LLC, 344 F.R.D. 231, 233 (N.D. Ill. 2023). Over 50 GIPA cases were filed in 2023 alone in the wake of that ruling, with many more now pending in Illinois state and federal courts. As this litigation trend continues almost a year following the granting of class certification in Melvin, companies are asking: what is GIPA, are we subject to it, and what should we do to mitigate litigation risk?  Employers, insurance companies, and others that collect health- and genetic-related information should read on to learn more.

Continue Reading Employers and Insurance Companies Continue To Be Targeted with Deluge of Claims Under the Illinois Genetic Information Privacy Act

The Federal Communications Commission (FCC) recently issued four orders imposing $196 million in fines against the three largest national mobile services providers in the United States (i.e., AT&T, T-Mobile, and Verizon) and Sprint, who merged with T-Mobile in 2020 (the “Mobile Providers”).[1] The FCC fined them for sharing customer location information with third parties without prior customer consent and then failing to take reasonable measures to protect that information against unauthorized disclosure. Although AT&T, T-Mobile, and Verizon suspended in 2019 the specific programs that gave rise to the fines, the Forfeiture Orders stand as the definitive guidance from the FCC on the treatment of customer location information under Section 222 of the Communications Act and the FCC’s rules regulating access to “customer proprietary network information” or “CPNI.” They also provide a window into upcoming debates and possible additional FCC actions.

Continue Reading FCC Fines National Mobile Providers for Sharing Customer Location Information: What Are the Lessons and What to Expect in this New Era of FCC Mobile Data Privacy Oversight