Search results

[…] The Hill and Lawfare editorials respectively. In addition to federal privacy legislation, 2022 also saw the introduction of consumer privacy laws in Utah and Connecticut, joining California, Virginia, and Colorado. Last month, FPF urged the Federal Trade Commission to prioritize practical rules that clearly define individuals’ rights and companies’ responsibilities in our filed comments […]

[…] the balance of interests. She stressed that regulators could help organizations gain greater familiarity with the legitimate interest basis by issuing clear guidance with specific examples of use cases on where the basis could be applied. Leandro Aguirre emphasized that when relying on legitimate interests, companies are in a better position than the data […]

[…] new scientific insights and drive progress in public health, education, social science, and a myriad of other fields for the betterment of the broader society. Academic researchers use this data to consider consumer, commercial, and scientific questions at a scale they cannot reach using conventional research data-gathering techniques alone. This data also helped researchers […]

[…] technical details that the statute does not address. Among the actions required under the 2021 law, the DOT is required to set a safety standard for the use of blood alcohol detection technology within three years, after which vehicle manufacturers will have between two-three years to install the systems in all new passenger motor […]

[…] because the regulation of data privacy and security is a “major question” best served through Congress. These comments focused on the Supreme Court’s 2022 ruling in West Virginia v. EPA, holding that regulatory agencies, absent clear congressional authorization, cannot issue rules on major questions that affect a large portion of the American economy. Several […]

[…] Mechanisms (UOOMs), including standards for residency authentication and the procedures by which “opt-out lists” may function as UOOMs. Resolve apparent inconsistencies in the draft regulations for the use of on-by-default UOOMs. Clarify the intended scope of restrictions on “Dark Patterns” in consumer interfaces. Assess the scope and intended effect of the regulations’ novel definitions […]

[…] remarks on state-level legislation focusing on the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), adding that Colorado, Connecticut, Utah, and Virginia have similar laws. She elaborated on the CPRA’s contractual language, comparing California’s categorization of “Businesses,” “Contractors,” “Third Parties,” and “Service Providers” to the GDPR’s distinction between […]

[…] Rights Act (CPRA) ballot initiative expanded California’s privacy regime, establishing heightened protections for certain sensitive personal information and providing a right to correct inaccurate data. In 2021, Virginia (VCDPA) and Colorado (CPA) enacted laws that are notable for creating ‘opt-in’ affirmative consent requirements in addition to California-style ‘opt-out’ privacy rights. Finally, in 2022, Connecticut […]

[…] Nations Convention on the Rights of the Child (UNCRC), an international treaty ratified by 195 countries, including the UK, but not the US. While the California AADC uses a similar “best interests of children” standard, without the foundation of the UNCRC, there is much less certainty in how businesses should make that determination.  “As […]

[…] fraud detection algorithms). The difference between the risk-based approach and an exhaustive high-risk AI list  As a pushback to having a specific set of strictly-regulated high-risk AI use cases in Annex III and prohibited practices in Article 5 of the AI Act, some voices suggested mimicking the GDPR’s open clauses and risk-based approach. More […]