Search results

[…] most sensitive of personal data to the newly-conceived legal category of “neural data.” Each of these laws defines “neural data” in related but distinct ways, raising a number of important questions: just how broad should this new data type be? How can lawmakers draw clear boundaries for a data type that, in theory, could […]

[…] oversight purposes. The supervising body typically has some discretion as to how to implement its sandbox, such as the focus (technology or sector-specific), the vetting process, the number of accepted applicants, and evaluation metrics for success. Application and selection: As part of the vetting process, participating organizations must explain to the regulatory body why […]

Data-driven pricing: A set of practices that use personal and/or non-personal data to routinely inform decisions about the prices and products offered to consumers, often for the purpose of price personalization. State lawmakers in the U.S. are seeking to regulate various pricing strategies that fall under the umbrella of data-driven pricing, following the release in […]

[…] under federal health privacy law at all. Instead, protections depend on the state where a user lives, or whether the product falls under one of a growing number of state-level privacy laws or consumer health privacy laws. Laws like New York’s S929/NY HIPA, which remains in legislative limbo, reflect growing state interest in regulating […]

[…] generate a human-readable response. Stage 2: Embedding contextual information Complex contextual information can be reflected as patterns in high-dimensional vectors. The greater the complexity, the higher the number of features that are needed. These are reflected as parameters of the high dimension vectors. Contrariwise, low dimension vectors contain fewer features and have lower representational […]

[…] likely to result in a “high risk” to data subjects. The draft guidelines propose a two-tier approach to assess this risk, considering both quantitative factors (like the number of data subjects) and qualitative ones (such as data sensitivity). Notably, if a DPIA reveals a high overall risk, organizations may be required to notify the […]

[…] of certain types of personal data. Under the amendments, a controller cannot disclose the following types of data in response to a consumer access request: social security number; government-issued identification number (including driver’s license number); financial account number; health insurance or medical identification number; account password, security question or answer; and biometric data. Instead, […]

[…] process to issue these rules, and engaged with numerous stakeholders and closely monitored market developments to promote consumer interests, innovation, and competition. Ms. Strickland’s testimony lists a number of valuable aspects to the rule, including its treatment of consumer controls, screen scraping, security obligations, and industry standards. Her testimony also highlights five areas of […]

[…] that is currently law in Maryland and several sectoral laws); and reasonable expectations (the approach taken by California). This rise of substantive data minimization rules raises a number of challenges and unresolved questions, which are explored in Part II. Some of these questions include the role of consent, what is a “requested” product or […]

[…] Age-Appropriate Design Code Act (S.69). Download the Chart Two visions of scope Each AADC’s scope turns on two key provisions – business thresholds tied to revenue and number of affected users, and an applicability standard based on either audience composition or “knowedge” of minor users on the service. Business thresholds Both the Nebraska and […]