Search results

[…] setting while managing potential risks. The concept of a regulatory sandbox was first introduced in the financial technology (fintech) sector, with the United Kingdom launching the first one in 2015. Since then, the concept has gained global traction, especially in sectors with rapid technological advancement, such as healthcare. According to a 2025 report by […]

[…] prices and products offered to consumers. Using a variety of terms—including “surveillance,” “algorithmic,” and “personalized” pricing—legislators are targeting a range of practices that often look different from one another, and carry different benefits and risks. Generally speaking, these practices fall under one of four categories: Reward or loyalty program: A company offers a discount, […]

[…] may not be protected under federal health privacy law at all. Instead, protections depend on the state where a user lives, or whether the product falls under one of a growing number of state-level privacy laws or consumer health privacy laws. Laws like New York’s S929/NY HIPA, which remains in legislative limbo, reflect growing […]

[…] over whether Large Language Models (LLM) store copies of the data that they are trained on.1 In copyright circles, this has led to lawsuits such as the one by the New York Times against OpenAI that alleges that ChatGPT will reproduce NYT articles nearly verbatim.2 While in the privacy space, much ink has also […]

[…] to data protection laws in New Zealand (2020), Singapore (2021), and Australia (2024), as well as an ongoing review of Hong Kong’s law, which began in 2020. One example of how the Amendment Act brings the PDPA closer to globally recognized norms is the replacement of the term “data user” with “data controller.” While […]

[…] more. Important changes include:  Significantly expanded scope, through changes to applicability thresholds, narrowed exemptions, and expanded definitions;  Changes to consumer rights, including modifying the right to access one’s personal data and a new right to contest certain profiling decisions;  Modest changes to data minimization, purpose limitation, and consent requirements;  New impact assessment requirements headline […]

[…] legal, social, and economic contexts of the continent. FPF is known as a trusted platform where senior leaders come to test ideas, share solutions, and learn from one another. As Managing Director, how do you plan to strengthen these connections further while supporting members navigating emerging challenges? Now in my third year of bringing […]

[…] personal data, and consequently, processors and AI developers must ensure compliance with personal data principles and obligations. Scraping operations that capture personal data must be based on one of the LGPD’s lawful bases for processing (Articles 7 and 11) and comply with data protection principles of good faith, purpose limitation, adequacy, and necessity (Article […]

[…] Vermont takes a more granular approach. It explicitly prohibits providing users with a single “less protective” setting that would override others, explicitly limiting the use of all-in- one privacy toggles. Furthermore, a number of its default setting requirements only apply to social media platforms, a divergence from prior AADCs whose requirements have generally been […]

[…] protection agencies of different countries. “It’s important to see how the authority of the data protection authority remains relevant and at the center of regulation around AI. One interesting point in the AI Act is that in the Netherlands, there were around 20 authorities appointed as having competence to enforce and regulate to a […]