The Senate Privacy Subcommittee is focused on the Judiciary Committee’s jurisdiction over privacy legislation, but expect collaboration with the Senate Commerce Committee, Sen. Marsha Blackburn, R-Tenn., told us Thursday. Other senators offered views on the White House's plans to work with tech companies to build a healthcare data-sharing system (see 2507310067).
AI Privacy
AI privacy concerns are growing as copyrighted works and personal data are used to train, optimize and operate machine learning systems. From facial recognition to inference risks, AI applications often test the limits of existing privacy laws. Regulators worldwide are developing safeguards to govern data use, bias, transparency and consent in AI development. This page tracks legislation, regulatory frameworks and enforcement actions at the intersection of AI and data protection.
Nik Blosser will be Oregon’s first Chief Privacy Officer and Artificial Intelligence Strategist, announced Oregon Chief Information Officer Terrence Woods on Tuesday. Blosser will craft the strategic vision of the state in relation to privacy, data protection and AI. He previously served as chief of staff for Gov. Kate Brown (D) and is co-founder of Celilo Group Media.
The general-purpose AI code of practice adequately allows signatory AI developers to show compliance with the EU AI Act, the European Commission announced in an opinion Friday.
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
The U.S. has set itself on a "fundamentally divergent path" from the EU by focusing on deregulation and national security in the new White House AI Action Plan (see 2507230058), Pinsent Mason AI and intellectual property attorney Cerys Wyn Davies blogged Thursday.
Microsoft signed the EU general-purpose AI (GPAI) code of practice to help build trust in the emerging technology, the company said Thursday.
Consumer advocates on Thursday continued to sound the alarm over the White House’s plans to work with tech companies in building a health data-sharing system.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
The Electronic Privacy Information Center (EPIC) added current and former government officials and academics to its advisory board, it announced Wednesday. The four new members will help EPIC bolster its policy work at the state level on AI and data protection, counter the White House's deregulatory push that "has threatened children's privacy protections" and "created ... risks that industry interests will be prioritized over consumer safety."
Security company Palo Alto Networks announced Wednesday an agreement to buy Israeli identity security provider CyberArk for $25 billion in cash and stock. Palo Alto Chairman and CEO Nikesh Arora said on CNBC’s Squawk on the Street that the deal will strengthen his company's ability to prevent AI-based identity theft, noting that about 88% of ransomware attacks are driven by credential theft, and “identity is an unsolved problem.” Palo Alto viewed CyberArk as the “strongest player” in the space, he said.