Search results

[…] and the United States. Dealing with these risks requires that greater attention be paid to geopolitical crises and legal fragmentation as a threat to protections for the free flow of data across borders.  The end of the ‘Brussels effect’? There has been much talk of the ‘Brussels effect’ that has allowed the EU to […]

[…] design features and characteristics may make them susceptible to new kinds of security threats. Adversarial attacks on LLMs, such as the use of prompt injection attacks to get these models to reveal sensitive information (e.g., credit card information), can impact AI agents too. Besides causing an agent to reveal sensitive information without permission, prompt […]

[…] must undergo a serious reckoning with privacy law. Scraping has evaded a reckoning with privacy law largely because scrapers act as if all publicly available data were free for the taking. But the public availability of scraped data shouldn’t give scrapers a free pass. Privacy law regularly protects publicly available data, and privacy principles […]

[…] their state law and displaying that information.  2. Update your passwords and multi-factor authentication regularly  Password re-use is one of the top ways that unwanted eyes can get into your accounts: once one service where you used a password is breached, criminals will likely try the same username and password combination on other services […]

[…] on streaming services to larger life decisions.” He highlights what will be one of the key privacy and data protection implications of all this: “AI companions will get unprecedented access to sensitive personal data, from financial transactions to private conversations and daily routines.” Protecting sensitive data in this context, especially with inferences broadly recognized […]

[…] creating sensitive inferences. Take a good look at vendor management. Don’t just rely on contractual constraints. If there are no technical monitoring or other controls in place, get a plan for some in product roadmaps. Deepen your relationships with various business teams (sales and marketing, product teams, etc.) so you know what they’re planning […]

[…] AI legislation. Maryland passed the  Maryland Online Data Privacy Act (MODPA) as well as the Maryland Age-Appropriate Design Code Act” (Maryland AADC).  Following Connecticut’s lead last year, Virginia and Colorado both amended their state privacy laws to add specific online protections for kids’ data. FPF also examined genetic privacy laws from Montana, Tennessee, Texas, […]

[…] In the deployment and use phase, organizations must exercise strict caution when inputting personal information into AI systems, particularly systems that are provided to the public for free, such as AI chatbots. They emphasize the need to comply with APP 6 for any secondary use of personal information, minimizing data input, and maintaining transparency […]

[…] the PPC delivered the opening keynote. In his keynote, Commissioner Oshima shared about the PPC’s regulatory priorities for 2025. These included cross-border data transfers and the Data Free Flow with Trust initiative, as well as further collaboration with the G7 DPAs and bilaterally with various international regulators.  Following the keynote, Gabriela Zanfir-Fortuna, Vice-President for […]

[…] minimization provisions are also elements of recent sectoral laws including the Washington State My Health My Data Act, the New York Child Data Protection Act, and the Virginia Child Data Privacy Amendment. Taken together, these frameworks portend a new trend toward substantive data minimization standards; however, their statutory requirements vary in subtle but consequential […]