Search results

[…] including third-party recipients of personal data and data subjects. Stage 2: Analyzing Relevant Legal Frameworks and Ensuring Compliance Collecting, using, or transferring body-related data may implicate a number of current and emerging U.S. privacy laws. As such, organizations should: Understand the individual rights and business obligations that apply under existing comprehensive and sectoral privacy […]

[…] federal privacy legislation once again languishing in Congress, state-level activity on privacy dramatically accelerated in 2023. As the dust from this year settles, we find that the number of states with ‘comprehensive’ commercial privacy laws swelled from five to twelve (or, arguably, thirteen), a new family of health-specific privacy laws emerged in Democratic-led states […]

[…] Project-Related Publications Received “Best Student Paper” Awards This Year In addition to building the eponymous online tool, the PrivaSeer project grant has supported the publication of a number of papers by researchers involved in the privacy field. First, an effort to systematically identify and discuss issues within the privacy research community titled “Researchers’ Experiences […]

[…] of guidance and standards for AI auditing, generative AI authentication, and privacy-enhancing technologies (PETs).  Similarly, of the state EOs, California is the most prescriptive and includes a number of specific mandates and reports tailored to different agencies, such as the creation of procurement guidelines, assessments on the effect of generative AI on infrastructure, and […]

[…] others are still being reviewed by the FTC. The idea of age assurance, on the other hand, is relatively new in the U.S., and there are a number of actors considering the possibility of deploying age assurance methods in the states. Key considerations for exploring the use of age assurance technology in the U.S. […]

[…] interpreting, and enforcing UOOM mandates. The legal environment behind Universal Opt-Out Mechanisms Online advertising continues to evolve, specifically in reaction to new regulatory requirements as an increasing number of international jurisdictions and U.S. states have enacted comprehensive privacy laws. As of October 2024, twelve states grant individuals the right to opt out of businesses […]

[…] and gender-based violence.  The European Commission designated VLOPs and VLOSEs earlier this year (see Table 1), based on criteria laid out in the DSA and a threshold number of 45 million monthly users across the EU. The DSA obligations for these designated online platforms became applicable on August 25, 2023, with the exception of […]

[…] illustrations included in the law to explain Section 7(a) is the hypothetical of a buyer requesting a receipt of purchase at a store be sent to her phone number, permitting the store to use the number for that purpose. There is a possibility that subsequent rules may expand this “legitimate use” to cover instances […]

[…] “data controller or data processor that is domiciled, resident in, or operating in Nigeria and processes or intends to process personal data of more than a such number of data subjects who are within Nigeria.” The Act continues, explaining that “the Commission may prescribe or such other class of data controller or data processor […]

[…] state privacy law to explicitly provide that individuals have a right to request the deletion of “derived data.” 4. Slightly Stricter Controller Obligations Oregon’s bill includes a number of routine obligations for covered organizations including maintaining reasonable data security, contractual requirements for processors, posting privacy notices, and obtaining consent for the processing of sensitive […]