Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing practices. On October, 10, 2024, CNIL fined two companies offering remote clairvoyance services a total of €400,000—€250,000 for Cosmospace and €150,000 for Telemaque—for breaches including excessive data retention, failure to obtain explicit consent for sensitive data processing, and non-compliance with marketing consent rules. These decisions serve as a reminder for businesses to evaluate their data protection policies to avoid costly penalties and maintain consumer trust.
CPPA Continues Rulemaking on AI, the New Delete Request and Opt-Out Platform (DROP), Cybersecurity Audits and Privacy Risk Assessments
The California Privacy Protection Agency (CPPA) has released the agenda for its upcoming public board meeting on October 4, 2024. This meeting is set to cover important regulatory and enforcement matters related to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Here’s a breakdown of the substantive agenda:
California Legislature Passes Generative AI Training Data Transparency Bill (UPDATED)
The California legislature recently passed Assembly Bill 2013 (AB 2013) on August 27, 2024, a measure aimed at enhancing transparency in AI training and development. If signed into law by Governor Gavin Newsom, developers of generative AI systems or services that are made available to Californians would be required to disclose significant information on the data used to train such AI systems or services. This, in turn, may raise novel compliance burdens for AI providers as well as unique challenges for customers in interpreting the information.
Regulation Evolves to Address Deepfakes, Robocalls and More
While major legal cases involving AI have largely focused on copyright issues, few cases thus far have directly addressed truthful advertising of AI products and AI-generated content. Indeed, the ease with which consumers and the public can be deceived by AI, as well as the fear of mal-intentioned interference in political elections, has underscored the urgency of considering legislation and regulations that are capable of addressing these issues directly.
In Truth-in-AI and Robo-Deception: How Regulation Is Evolving to Address Deepfakes, Robocalls and More to Avoid the Erosion of Consumer Trust, colleagues Marcus Leonard, Shani Rivaux and Sam Eichner discuss the evolving legislation and regulations that will address these issues directly.
The UK Introduces Tougher Penalties for Consumer Protection Breaches
In May 2024 the UK passed the new Digital Markets, Competition and Consumers Act (DMCC). Amongst other changes, the DMCC grants the UK Competition and Markets Authority (CMA) new powers to directly impose fines of up to 10% of a business’s global turnover for consumer protection breaches and to issue notices requiring changes to online interfaces, significantly enhancing the CMA’s enforcement capabilities.
New Report Latest to Cast Uncertainty over EU-U.S. Data Privacy Framework
A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest development to cause concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will likely fail if challenged before the Court of Justice of the European Union (CJEU).
From Encryption to Employment, U.S. Federal Agencies Brace for the Effects of Quantum Computing, AI and More
In this week’s edition of Consumer Protection Dispatch, we look at the latest regulatory developments from the U.S. Department of Commerce, Consumer Financial Protection Bureau, and the Securities and Exchange Commission regarding data and AI.
Consumer Protection Dispatch: The Latest Developments in the World of Consumer Protection (5/22/24)
(The Consumer Protection Dispatch summarizes industry news and updates on emerging issues involving a variety of consumer protection issues including, but not limited to, data and AI.)
This week’s edition includes latest developments relating to AI laws passed by Colorado, Tennessee and Utah, U.S. Senate bipartisan working group on AI, a new privacy bill from Vermont and a new privacy law from Maryland, a new Colorado law protecting neural data, and updates from the California Privacy Protection Agency.