It’s crunch time for the California legislature, with many privacy and AI bills nearing the finish line as lawmakers return from summer recess Monday. A few of the most potentially impactful measures for businesses cover universal opt-out preference signals, location privacy, automated decisions and so-called surveillance pricing, said privacy lawyers and consumer advocates in interviews with Privacy Daily this week.
People are increasingly using general-purpose AI chatbots like ChatGPT for emotional and mental health support, but many don’t realize that regulations like the Health Insurance Portability and Accountability Act (HIPAA) fail to cover these sensitive conversations, a Duke University paper published last month found. Industry self-regulation seems unlikely to solve the issue, which may disproportionately affect vulnerable populations, said Pardis Emami-Naeini, a computer science professor at Duke and one of the report’s authors.
CAMDEN, N.J. -- A federal judge raised doubts Monday that the Communications Decency Act gives data brokers immunity from New Jersey’s Daniel’s Law. In an oral argument at the U.S. District Court for New Jersey, Judge Harvey Bartle heard preemption arguments from various data brokers sued by Atlas Data Privacy under the 2020 state law, which is aimed at protecting the personal information of judicial and law enforcement officers, child protective investigators and certain family members.
Meta could be more transparent about a new Instagram feature that lets users share their location with friends, a consumer privacy advocate said Friday. While another advocate also raised safety concerns, the company listed ways that the mapping feature protects privacy.
New York Assemblymember Alex Bores (D) expects his AI safety bill, the Responsible AI Safety and Education (RAISE) Act, could be revised through the chapter-amendment process, the legislator told Privacy Daily on Wednesday. “We’re open to amendments that … strengthen or clarify the bill.”
The California Consumer Privacy Act (CCPA) is “like a big Lego block” to which state legislators “are constantly adding … Lego pieces,” said Tom Kemp, executive director of the California Privacy Protection Agency, during an IAPP webinar Tuesday. The California Privacy Rights Act, which amended the CCPA, prohibits reducing Californians’ privacy rights, he noted.
Businesses should map their automated decision-making technology (ADMT), review and revise privacy policies, plan for cybersecurity audits and review vendor contracts in response to California Privacy Protection Agency rules adopted July 24, some privacy law practices advised in recent client alerts. The rules are expected to be finalized without changes shortly.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
President Donald Trump’s possible health-tracking system with Big Tech companies should increase the urgency for New York Gov. Kathy Hochul (D) to sign a health data privacy bill that passed the state legislature months ago, Assemblymember Linda Rosenthal (D) said in a Wednesday interview with Privacy Daily: “I will bring it to” the governor's office’s “attention today.”
Colorado plans to forego a mandate that companies verify users' ages in a rulemaking that updates the state’s comprehensive privacy law. But when enforcing kids privacy restrictions, the state's attorney general could consider companies’ use of age-estimation technologies, said draft rules released Tuesday.