Author

Helena Engfeldt

Browsing

The California Privacy Protection Agency has issued an Enforcement Advisory on the topic of dark patterns. The California Consumer Privacy Act uses the term “dark patterns” to refer generally to user interfaces that subvert or impair consumers’ autonomy, decisionmaking, or choice when asserting their privacy rights or consenting to personal information processing activities. For example, when businesses provide choices to consumers, such as via cookie banners or in privacy preference centers, choices must be clear…

Organizing a giveaway, sweepstakes, contest, or similar promotional event can be an effective way for companies to engage with their audience and boost brand visibility. But navigating the complex legal landscape surrounding these types of promotions in the U.S. and around the world is crucial to avoid potential pitfalls. From ensuring compliance with federal and state regulations to avoiding accusations of illegal gambling, there are numerous considerations that businesses must address to conduct a successful…

If passed, SB-1047, the California Safe and Secure Innovation for Frontier Artificial Intelligence Model Act, would introduce product safety, documentation and reporting obligations on developers of AI systems. Currently awaiting passage in the state Assembly, the bill would be a landmark regulation for the burgeoning AI industry. The law as currently written would mainly target larger AI projects developed by companies with extensive resources, rather than smaller startups. However, operators of data centers would also…

In Brief Various players in the health care industry are or will soon be subject to new requirements relating to sexual and reproductive health data under a pair of bills passed last year amending the California Confidentiality of Medical Information Act (the “CMIA”). Many of the central provisions of bills AB 254 and AB 352, which were both signed into law by Governor Gavin Newsom in September 2023, came into effect on January 1, 2024.…

Copyright 2024 International Association of Privacy Professionals. Data minimization: An increasingly global concept. Data minimization requirements are not new but they are becoming more common, and enforcement is on the rise. “Legal basis” requirements for data processing, justifying data processing activities and transfers, and adhering to data minimization principles began hitting organizations’ radars with the EU General Data Protection Regulation. In response to the GDPR, many multinationals are differentiating regionally, or by jurisdiction, how they…

On April 4, 2024, the Kentucky Governor Andy Brashear signed HB 15, enacting the Kentucky Consumer Data Protection Act (“KCDPA” or the “Act”), to make Kentucky the 15th US state to adopt a comprehensive privacy law. Kentucky joins New Hampshire and New Jersey in a trifecta of states that have enacted privacy legislation in the opening months of 2024. In the days since the KCDPA’s signing, the consumer privacy stakes have been raised, with the…

Background On February 28, 2024, California State Senator Dave Min proposed Senate Bill (SB) 1394, a new measure aimed at preventing vehicular data from being used to perpetuate domestic violence. Under the proposal, automobile manufacturers would be required to disable access to remote vehicle technologies upon the request of a victim of domestic violence. The bill arrives amid increasing reports of incidents of domestic abusers exploiting vehicular location tracking features to stalk and harass victims…

On January 18, 2024, the New Hampshire legislature passed SB255, making the Granite State the 14th US state to pass a consumer privacy law—and the second state to do so in January. Following enrolment—a formality to excise clerical errors—the bill will move to Governor Chris Sununu’s desk for final enactment. If it becomes law, SB255 will go into effect on January 1, 2025, giving businesses less than one year to ensure compliance with the new…

28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…

Sending a clear message, the Federal Trade Commission (FTC) announced the settlement of two separate enforcement actions against data brokers for selling precise location data that may be used to reveal sensitive information. On January 9, the FTC settled with Outlogic, LLC (formerly X-Mode Social) over allegations that it failed to obtain meaningful consent from consumers before collecting and selling data that could be used to track visits to sensitive locations like clinics and places of…