Consumer Protection Dispatch

Posted October 11, 2024

GDPR Enforcement: Lessons from Recent Data Privacy Penalties

by Steven Farmer, Scott Morton and Mark Booth

Steven Farmer

Scott Morton

Mark Booth

Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing practices. On October, 10, 2024, CNIL fined two companies offering remote clairvoyance services a total of €400,000—€250,000 for Cosmospace and €150,000 for Telemaque—for breaches including excessive data retention, failure to obtain explicit consent for sensitive data processing, and non-compliance with marketing consent rules. These decisions serve as a reminder for businesses to evaluate their data protection policies to avoid costly penalties and maintain consumer trust.

Posted September 30, 2024

CPPA Continues Rulemaking on AI, the New Delete Request and Opt-Out Platform (DROP), Cybersecurity Audits and Privacy Risk Assessments

by Jeewon K. Serrato, Shruti Bhutani Arora and Christine Mastromonaco

Jeewon K. Serrato

Shruti Bhutani Arora

Christine Mastromonaco

The California Privacy Protection Agency (CPPA) has released the agenda for its upcoming public board meeting on October 4, 2024. This meeting is set to cover important regulatory and enforcement matters related to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Here’s a breakdown of the substantive agenda:

Posted September 20, 2024

California Legislature Passes Generative AI Training Data Transparency Bill (UPDATED)

by Mia Rendar, Andrew L. Caplan, Jeewon K. Serrato and Erin Choo

The California legislature recently passed Assembly Bill 2013 (AB 2013) on August 27, 2024, a measure aimed at enhancing transparency in AI training and development. If signed into law by Governor Gavin Newsom, developers of generative AI systems or services that are made available to Californians would be required to disclose significant information on the data used to train such AI systems or services. This, in turn, may raise novel compliance burdens for AI providers as well as unique challenges for customers in interpreting the information.

Posted August 14, 2024

Regulation Evolves to Address Deepfakes, Robocalls and More

by Consumer Protection Team

Consumer Protection Team

While major legal cases involving AI have largely focused on copyright issues, few cases thus far have directly addressed truthful advertising of AI products and AI-generated content. Indeed, the ease with which consumers and the public can be deceived by AI, as well as the fear of mal-intentioned interference in political elections, has underscored the urgency of considering legislation and regulations that are capable of addressing these issues directly.

In Truth-in-AI and Robo-Deception: How Regulation Is Evolving to Address Deepfakes, Robocalls and More to Avoid the Erosion of Consumer Trust, colleagues Marcus Leonard, Shani Rivaux and Sam Eichner discuss the evolving legislation and regulations that will address these issues directly.

Posted June 26, 2024

The UK Introduces Tougher Penalties for Consumer Protection Breaches

by Scott Morton and Mark Booth

Scott Morton

Mark Booth

In May 2024 the UK passed the new Digital Markets, Competition and Consumers Act (DMCC). Amongst other changes, the DMCC grants the UK Competition and Markets Authority (CMA) new powers to directly impose fines of up to 10% of a business’s global turnover for consumer protection breaches and to issue notices requiring changes to online interfaces, significantly enhancing the CMA’s enforcement capabilities.

Posted June 5, 2024

New Report Latest to Cast Uncertainty over EU-U.S. Data Privacy Framework

by Steven Farmer, Shruti Bhutani Arora, Jeewon K. Serrato, Mark Booth and Gabby Torres

A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest development to cause concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will likely fail if challenged before the Court of Justice of the European Union (CJEU).

Posted May 31, 2024

From Encryption to Employment, U.S. Federal Agencies Brace for the Effects of Quantum Computing, AI and More

by Shruti Bhutani Arora, Jeewon K. Serrato and Gabby Torres

Shruti Bhutani Arora

Jeewon K. Serrato

Gabby Torres

In this week’s edition of Consumer Protection Dispatch, we look at the latest regulatory developments from the U.S. Department of Commerce, Consumer Financial Protection Bureau, and the Securities and Exchange Commission regarding data and AI.

Posted May 22, 2024