Search results

[…] Governor Lombardo, making Nevada the second state, after Washington, to pass broad-based consumer health data privacy legislation this session. The act will take effect on March 31, 2024. The Washington ‘My Health, My Data’ Act (MHMD), which was enacted on April 27, 2023, established a first-of-its-kind, comprehensive framework within U.S. law for the protection […]

[…] features, including a mechanism to report “harmful or unwanted” behavior. The children’s and health provisions of SB 3 appear to be informed by the California Age-Appropriate Design Code (AADC) and the recently enacted Washington State My Health, My Data Act, respectively, but contain numerous important distinctions.  FPF has prepared a comparison chart to help […]

[…] alongside technological and societal developments. The Model Framework is also technology-, industry-, scale- and business-model agnostic.  Substantively, the Model Framework is guided by two fundamental principles to promote trust and understanding in AI. First, organizations using AI in decision-making should ensure that the decision-making process is explainable, transparent and fair. Second, AI systems should […]

[…] the Review Report’s proposal to grant the OAIC the power to determine codes of practice, the Report proposes that the OAIC should issue a “Children’s Online Privacy Code” for online services that are likely to be accessed by children. The Code would align with the UK’s Age Appropriate Design Code, and would provide guidance […]

[…] in California AADC, Section 2 defines “substantial harm or privacy risk” to include: mental health disorders; addictive behaviors; physical violence, online bullying and harassment; sexual exploitation; the promotion and marketing or tobacco, gambling, alcohol, or narcotic drugs; and predatory, unfair, or deceptive marketing practices or other financial harms. Both the California AADC and Section […]

[…] require hefty documentation from data subjects, but they must be responded to within 72 hours – so do correction and deletion requests. Data Transfer Assessments and a registration with the competent authority are requirements for all cross-border data transfers. The lack of a prescriptive list of fines and sanctions. Enforcement entrusted to an existing […]

[…] dates of some of MHMD’s provisions, in general the Washington Legislature seems to intend for MHMD’s substantive data privacy requirements to come into effect on March 31, 2024 (or June 30, 2024 for small businesses). Other provisions, including the Act’s sections on geofencing and enforcement, will take effect in 90 days time.  This post […]

On Friday, April 21st, the Montana State Legislature approved the ‘Montana Consumer Data Privacy Act’ (MCDPA) to be sent to the Governor’s desk. If enacted by Governor Gianforte, Montana would join the 6 states that have adopted comprehensive privacy frameworks. Notably, at almost every stage of the legislative process, the MCDPA received unanimous bipartisan support […]

[…] related to processing of personal data. Specifically, it defines the forms of personal data covered under the law, covered actors and extent of application of the law, registration requirements of controllers and processors, and obligations of controllers and processors towards data subjects. The structure and provisions of PIPA coincide with laws in other parts […]

[…] own research.  In many cases, these issues raise novel questions about legal rights and liability. For example, software developers have used ChatGPT to write and improve existing code. Yet LLMs, including ChatGPT, have been shown to regularly produce inaccurate content. If an employee uses the code generated by ChatGPT in a product that interacts […]