Legislators in states like Texas, Connecticut, New York and Massachusetts can set the tone for privacy-related AI laws in 2025, stakeholders told the Multistate AI Policymaker Working Group during a public feedback session Monday.
Finding common ground on data protection "remains a challenging task, primarily because privacy is deeply shaped by cultural, legal, and economic contexts," Ginervra Cerrina Feroni, vice-president of Italian privacy watchdog Garante, said in an email. The General Data Protection Regulation (GDPR), for example, is rooted in a fundamental rights-based approach, while frameworks like the Global Cross Border Privacy Rules (CPBR) system emphasize voluntary compliance and flexibility, reflecting different traditions and priorities.
"The collaborative spirit among EU institutions is not only encouraged but also necessary" for managing the plethora of EU digital laws, Thomas Regnier, European Commission tech sovereignty spokesperson, said Friday (see 250121000).
Montana legislators mulled two privacy bills from the author of the state’s 2023 comprehensive law during hearings Thursday. At one livestreamed session, Montana Sen. Daniel Zolnikov (R) urged the Senate Energy and Telecom Committee to clear a fix of another data bill from that year, the Genetic Information Privacy Act. Later, during an Education Committee hearing, the state senator urged support for a bill that gives students “the right to be forgotten.”
Avoid using integrated AI tools such as Copilot without thoroughly assessing them in advance, and ensuring control mechanisms and effective user training, the Norwegian Data Protection Authority blogged Thursday in an unofficial translation. In addition, it published a report offering guidance on how companies can use AI strategically. Among other things, it said they should decide what a particular project's goals are, what areas are relevant for AI use, and what areas AI should be kept away from.
LinkedIn was sued Tuesday after allegedly disclosing Premium customers' private messages to third parties without their permission so it could train generative AI models.
Class action lawsuits surrounding cybersecurity breaches have risen significantly in recent years and 2024 was no exception, lawyers said during a Practising Law Institute event Thursday. Speakers discussed trends from 2024 concerning litigation about data privacy, cybersecurity breaches and the Telephone Consumer Privacy Act.
Privacy compliance is a good starting point for navigating risks and worries associated with future AI technology, said Matt Kelly, CEO of Radical Compliance, in a Navex blog Tuesday. “Privacy issues are inseparable from AI risks."
There are grounds for "intense" collaboration among authorities responsible for enforcing EU digital laws such as the General Data Protection Regulation (GDPR) and AI Act (AIA), privacy lawyer Petruta Pirvan said during a Sypher webinar Wednesday in Bucharest, Romania. Especially in the context of AI systems that process personal data, logic is strong for regulators cooperating, said Pirvan, a member of the European Commission's GPAI code of practice working group.
In addition to an increase in privacy laws, 2025 is expected to bring an escalation of privacy and data protection claims under old laws, said International Association of Privacy Professionals (IAPP) members on a webinar Wednesday.