FTC

Online privacy and safety of children and teens are hot legislative topics this year. In a companion post we provide an update of federal and state legislative efforts to fundamentally change how online content and advertising are delivered to children and teens. We have previously discussed legislation in California and Connecticut to require assessments of online privacy impacts on minors. In this post we focus on proposed regulatory and legislative changes to the 1998 Children’s Online Privacy Protection Act (COPPA) (effective in 2000) and its corresponding regulations (COPPA Rule), which were last updated in 2013.Continue Reading Federal Children’s Privacy Requirements to Be Updated and Expanded

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Deep Fake of CFO on Videocall Used to Defraud Company of US$25M | Privacy World

Address Cyber-risks From Quantum Computing

Acting expeditiously in part in response to recent events, the Federal Communications Commission (“FCC”) declared on February 8 that the Telephone Consumer Protection Act’s “restrictions on the use of ‘artificial or prerecorded voice’ encompass current [artificial intelligence (“AI”)] technologies that generate human voices.” Therefore, the FCC ruled “calls that use such technologies fall under the TCPA and the [FCC’s]…implementing rules and…require the prior express consent of the called party to initiate such callas absent an emergency purpose or exemption.” If telemarketing is involved, prior express written consent is required. However, contrary to other media reports, the FCC ruling neither bans use of AI, nor even requires consent to use AI to create content that is in text or that is subsequently converted into artificial voice. Rather, it merely equates AI-voice generation to other forms of artificial or prerecorded voice messages for TCPA consent purposes. Since prior express consent to use of artificial or prerecorded voice messages is what the TCPA requires, that is what the consent should cover. However, it is advised that the use of AI to generate such audio content should also be disclosed as part of the consent.Continue Reading FCC Rules Voice-Cloned Robocalls Are Covered by the TCPA as Artificial/Pre-Recorded

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Ten Things About Artificial Intelligence (AI) for GCs in 2024 | Privacy World

CCPA Regs Effective Immediately, No One-Year Delay

As state legislation increasingly regulates sensitive data, and expands the concepts of what is sensitive, the Federal Trade Commission (“FTC” or “Commission”) is honing-in on sensitive data processing in expanding its unfairness authority in relation to privacy enforcement. The FTC’s recent enforcement activities regarding location aware data is a good example. As we have previously reported here and here, Kochava, an Idaho-based data broker, is currently embroiled in a federal lawsuit with the Commission that has the potential to redefine the legal bounds of sensitive data collection, use and sharing and the data brokering industries on a federal level.Continue Reading Sensitive Data Processing is in the FTC’s Crosshairs

2023 was another busy year in the realm of data event and cybersecurity litigations, with several noteworthy developments in the realm of disputes and regulator activity.  Privacy World has been tracking these developments throughout the year.  Read on for key trends and what to expect going into the 2024.

Growth in Data Events Leads to Accompanying Increase in Claims

The number of reportable data events in the U.S. in 2023 reached an all-time high, surpassing the prior record set in 2021.  At bottom, threat actors continued to target entities across industries, with litigation frequently following disclosure of data events.  On the dispute front, 2023 saw several notable cybersecurity consumer class actions concerning the alleged unauthorized disclosure of sensitive personal information, including healthcare, genetic, and banking information.  Large putative class actions in these areas included, among others, lawsuits against the hospital system HCA Healthcare (estimated 11 million individuals involved in the underlying data event), DNA testing provider 23andMe (estimated 6.9 million individuals involved in the underlying data event), and mortgage business Mr. Cooper (estimated 14.6 million individuals involved in the underlying data event). Continue Reading 2023 Cybersecurity Year In Review

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Two Significant AI Announcements:  Spooky for AI Developers? | Privacy World

Last Chance to Register for In-Person CLE: The Important

With its private right of action and expansive scope – extending far beyond Washington state’s borders and applying to a wide swath of health- and non-health-oriented companies alike – Washington’s My Health My Data Act is poised to be more ground-shifting than any other consumer privacy law that came before it. Join Kyle Fath, Bola Shonowo and Gicel Tomimbang for a discussion of:Continue Reading Join us on September 28 for a Webinar on Washington’s My Health My Data Act and other Consumer Health Data Regulation

On May 18, 2023, the Federal Trade Commission (“FTC”) unanimously adopted its Policy Statement on Biometric Information and Section 5 of the Federal Trade Commission Act (“Policy Statement”), addressing the increasing use of consumers’ biometric information and the marketing of technologies that use or claim to use it—regarding which the FTC raises significant concerns. In the areas of privacy, data security, and the potential for bias and discrimination. In addition, the Policy Statement also provides a detailed discussion of the established legal requirements applicable to the use of biometrics, particularly those relating to Section 5 of the FTC Act, and lists examples of the practices the agency will scrutinize in determining whether companies’ use of biometric technologies run afoul of Section 5.
Continue Reading FTC’s New Policy Statement on Biometric Information Provides Clear Warning to Companies on Increased Scrutiny of Facial Recognition & Related Biometrics Practices

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Law360 Publishes “CFPB’s Hazy ‘Abuse’ Definition Creates Compliance Questions” Article by Keith Bradley and David Coats | Privacy World

Governor