Search results

[…] as a contested and priority issue in privacy legislation. Under many existing state privacy laws, companies have been subject to “procedural” data minimization requirements whereby collection and use of personal data is permitted so long as it is adequately disclosed or consent is obtained. As privacy advocates have pushed to shift away from notice-and-choice, […]

[…] a nod to First Amendment concerns that have plagued similar requirements in other state laws. Covered businesses must design services to avoid reasonably foreseeable emotional distress, compulsive use, or discrimination. However, the bill clarifies that the mere content that a minor views cannot, by itself, constitute harm. Nebraska, by contrast, does not create a […]

[…] region, noting that most APAC jurisdictions have preferred not to enact hard AI laws. Instead, these regions focus on regulating elements of AI systems such as the use of personal data (Singapore), addressing risk in AI systems (Australia), promoting industry development (South Korea), fostering international cooperation, and responsible AI practices (Japan), government oversight of […]

[…] it is necessary to independently test the tools using their own data, rather than relying on representations made by third party vendors – especially for “high risk” use cases. This is due to the growing amount of regulatory interest in unfair and deceptive practices pertaining to AI deployment (e.g. misleading statements about the capabilities, […]

[…] lowest numerical applicability thresholds of any of the state comprehensive privacy laws when the law was enacted in 2023. At that time, prior comprehensive privacy laws in Virginia, Colorado, Utah, Connecticut, Iowa, and Indiana all applied to controllers that either (1) control or process the personal data of at least 100,000 consumers (“the general […]

[…] and related guidelines promote easy-to-understand consent practices and recognize additional legal grounds, especially in the context of AI. A 2025 bill is under consideration to expand the use of non-consent bases for AI-related processing. The Personal Data Protection (Amendment) Act 2024, published in October 2024, introduces stronger enforcement tools and administrative penalties in Malaysia. […]

[…] to specific individuals. The goal is to enable data analysis, research, and sharing while mitigating privacy harms and complying with legal and ethical obligations. Despite its widespread use and appeal, de-identification is far from a perfected solution. Decades of research and numerous real-world incidents have demonstrated that supposedly “de-identified” or “anonymized” data have been […]

[…] partnership with the University of Arizona Eller College of Management. The project, which launched on April 1, will explore the complex intersection of privacy, economics, and the use of emerging technologies designed to support aging populations (“AgeTech”). AgeTech includes a wide range of applications and technologies, from fall detection devices and health monitoring apps […]

[…] New Legislative Framework (NLF) to ensure that high-risk AI systems meet both legal and technical standards before and after being placed on the market and throughout their use.  The CA should be understood as a framework of assessments (both technical and non-technical), requirements, and documentation obligations. The provider should assess whether the AI system […]

[…] simplified risk categorization, including absence of prohibited AI practices, comparatively lower financial penalties, and the establishment of initiatives and government bodies aimed at promoting the development and use of AI technologies. The intent of this comparison is to assist practitioners in understanding and analyzing key commonalities and differences between both laws. Finally, Part 6 […]