The Federal Trade Commission issued a supplemental notice of proposed rulemaking on February 15, 2024, in which it recommended a trade regulation rule that would (1) impose liability on businesses who provide goods or services (including artificial intelligence technology) with knowledge or reason to know they will be used to engage in unlawful impersonation of individuals, government, or businesses; and (2) prohibit impersonation of individuals.

Read the full Update here.

On Friday, February 9, as the country collectively packed up and prepared to head home for Super Bowl weekend, the Third Appellate District of the California Appellate Court issued an Order granting the California Privacy Protection Agency the ability to immediately enforce regulations implementing the California Privacy Rights Act, which were finalized in March 2023. This vacated a July 2023 court decision staying enforcement of the regulations until March 29, 2024.

The order paves the way for enforcement after finalization of the proposed regulations governing cybersecurity audits, risk assessments, and automated decision making technology.

Read the full Update here.

Artificial Intelligence-generated robocalls may trick some consumers into thinking they are being called by a human being, but the Federal Communications Commission clarified in a recent AI Declaratory Ruling that it will not be fooled. Moving forward, all AI-generated robocalls will be treated as artificial or prerecorded voice calls for purposes of the Telephone Consumer Protection Act and will require a called party’s prior express consent.

Read the full Update here.

Building off of the momentum from last year’s torrent of new comprehensive state privacy laws, 2024 has begun with a bang as two more states have now entered the picture. On January 16, 2024, New Jersey became the latest state to enact comprehensive privacy legislation with the New Jersey Data Privacy Act (NJDPA). New Hampshire’s state legislature quickly followed suit by passing Senate Bill 255 and it is currently awaiting finalization before becoming law.

Continue Reading Two New States Enter the Privacy Fray

On February 1, 2024, the Federal Trade Commission announced a complaint and proposed consent order against Blackbaud, Inc. concerning a 2020 data security incident that included a ransomware demand and payment. According to the FTC’s complaint, Blackbaud’s allegedly unfair and misleading conduct included not just deficient data security practices but also a delay in providing accurate notice to its business customers about the breach, including the inclusion of deceptive statements about the scope and severity of the breach in its initial notice to those customers.

The FTC highlighted that this case is the first time it has brought standalone Section 5 unfairness claims arising out of the alleged failure to (1) implement and enforce reasonable data retention practices and (2) accurately communicate the severity and scope of the breach.

Read the full Update here.

Safety risk assessments are becoming a preferred regulatory tool around the world. Online safety laws in Australia, Ireland, the United Kingdom, and the United States will require a range of providers to evaluate the safety and user-generated content risks associated with their online services.

While the specific assessment requirements vary across jurisdictions, the common thread is that providers will need to establish routine processes to determine, document, and mitigate safety risks resulting from user-generated content and product design. This Update offers practical steps for providers looking to develop a consolidated assessment process that can be easily adapted to meet the needs of laws around the world.

Read the full Update here.

California Attorney General Rob Bonta announced an investigatory sweep into popular streaming apps and devices, timed to coincide with Data Privacy Day on January 28. The California Attorney General’s Office explained that it is sending letters to such streaming services alleging a failure to comply with the requirement to offer an easy mechanism to opt out of the sale or sharing of personal information under the California Consumer Privacy Act (CCPA).

Continue Reading California Announces Sweep on Streaming Services and More Enforcement To Come

Less than 10 days after announcing its complaint and proposed settlement against location data broker X-Mode, the Federal Trade Commission (FTC) followed its recent spate of enforcement in the location and sensitive data space with the announcement of another enforcement action and proposed settlement with InMarket Media, Inc. (InMarket). 

Continue Reading The FTC Continues its Focus on Location and Sensitive Data

On January 9, 2024, the Federal Trade Commission (FTC) announced its complaint and proposed settlement with location data broker X-Mode Social, Inc. and its successor Outlogic, LLC (collectively X‑Mode). Under the order, X-Mode will be prohibited from sharing or selling any “sensitive location data”—location data that identifies visits to sensitive locations such as medical facilities, religious organizations, and other locations that allow potentially sensitive inferences. The FTC’s action reflects the FTC’s continued focus on location data, particularly that reflects potentially sensitive information, and is similar to the case it is currently litigating against Kochava regarding its sales of precise geolocation data.

Continue Reading FTC Cracks Down on Collection and Sharing of Sensitive Location Data With Proposed X-Mode Settlement

The Federal Trade Commission announced its first enforcement action alleging that discriminatory use of artificial intelligence was an unfair practice under Section 5 of the FTC Act on December 19, 2023. 

The enforcement action signals that the FTC is using and will continue to use its Section 5 unfairness authority to require reasonable safeguards on the use of automated tools, including those relying on facial recognition and other biometric technology, to ensure their accuracy and absence of bias. What is more, the case provides the most concrete guidance from the FTC to date regarding the measures that the FTC would like to see companies take to help ensure that AI systems operate accurately and without bias.

Read the full Update here.