Search results

[…] as a victim of crime, included in Oregon, or financial information, included in California and New Jersey). The definition of biometric data is broader than that in Virginia (covering data generated from a photograph or an audio or video recording if generated to identify a specific individual), but narrower than that in New Jersey […]

“At this critical moment in time, the U.S. is positioned to demonstrate leadership to develop and regulate emerging technologies such as AI. These tools, while incredibly advantageous when deployed responsibly, also carry tremendous potential to cause harm. We commend the Biden administration for recognizing the multifaceted challenges and opportunities presented by AI technologies.  We’re also […]

[…] consent under the DPDPA. During the discussion, panelists emphasized the importance of clear, understandable written notices and discussed other design choices to ensure that consent is “ free, specific, informed, unconditional, and unambiguous”. To this end, Swati Sinha highlighted consent notices for different categories of cookies under the EU General Data Protection Regulation (GDPR), […]

[…] in this area, state legislators have been the most active in mandating protections for this particularly sensitive category of personal information. In 2023, Montana, Tennessee, Texas, and Virginia joined six other states (Arizona, California, Kentucky, Maryland, Utah, and Wyoming) that have enacted privacy laws for direct-to-consumer genetic testing companies. These four newly enacted laws […]

[…] and Choice under Rule 5.03 and Default Settings under Rule 5.04. The notice and choice requirements ask UOOM vendors to ensure that the signal represents an “affirmative, freely given, and unambiguous choice to opt out” of targeted advertising and data sales. The requirements for default settings seek to ensure the choice remains a genuine […]

In 2024, health and wellness-focused companies are increasingly integrating AI to streamline their services–with the expansion of AI-enabled digital health, the universe of potential health inferences will also expand, triggering new concerns about patient and consumer privacy. At this intersection of reproductive health privacy and AI concerns, state legislators and federal regulators appear poised […]

[…] tend to require that the controller derive at least a certain percentage of revenue from personal data sales (e.g., 25%) to be covered. This is another similarity between S332 and the Colorado Privacy Act, which sets the same thresholds.  The carve outs in S332 are similar to those in the Delaware Personal Data Privacy […]

[…] they need it for some obvious reason, like helping you with directions, showing your nearby friends, or perhaps a store location you’re looking for? If not, feel free to opt-out of location data. Be aware that location data is often used to personalize ads and recommendations based on locations you have recently visited. Allowing […]

[…] these winning papers were awarded based on the strength of their research and proposed policy solutions for policymakers and regulators in the U.S. and abroad. The Privacy Papers for Policymakers event will be held on February 27, 2024, in Washington, D.C., exact location to be announced. The event is free and open to the public.

[…] Trade Commission (“FTC”) have made clear that they are working together to ensure organizations protect sensitive health information. In particular, failure to establish proper agreements or safeguards between covered entities and AI vendors can constitute a violation of the HIPAA Privacy Rule when patient health information is shared without patient consent for purposes other […]