Eye On Privacy

Timely Updates and Analysis on Privacy and Cybersecurity Issues

Latest from Eye On Privacy - Page 4

The New Jersey AG and the Division on Civil Rights’ new guidance on algorithmic discrimination explains how AI tools might be used in ways that violate the New Jersey Law Against Discrimination. The law applies to employers in New Jersey, and some of its requirements overlap with new state “comprehensive” privacy laws, in particular those laws’ requirements on automated decisionmaking. Those laws, however, typically do not apply in an employment context (with the exception of California). This New Jersey guidance (which mirrors what we are seeing in other states) is a reminder that privacy practitioners should keep in
Continue Reading New Jersey Discrimination Law Guide: Applicability of Existing Laws to AI Tools

The California privacy regulator recently settled with a data broker (Key Marketing Advantage LLC) that it alleged had violated the state’s data broker law. Under the Delete Act, data brokers must, among other things, register annually by January 31 and pay an annual fee. According to the agency, the company failed to register or pay the fee. The broker agreed to pay $55,800 as part of the settlement.
Continue Reading New Year, Old Tradition: CPPA Focuses on Unregistered Data Brokers

The Ninth Circuit continued the pause on California’s SB 976 (Protecting Our Kids from Social Media Addiction Act) as of late January 2025. The law was signed by Governor Newsom in September 2024, and challenged by NetChoice shortly thereafter.
Continue Reading California’s Kids’ Social Media Law Wrangling Continues, and Maryland Too!

Following a German case brought against the EU Commission, the EU General Court found that the Commission had made an improper transfer of personal information to the US. The plaintiff, a German citizen, alleged (among other things) that his information was sent through the EU Commission’s website to the US through an automated social media login option when he registered for a Commission event. He further alleged that this violated the government-agency equivalent of GDPR (EUDPR), as it occurred during a period when the Privacy Shield had been found inadequate, and the replacement program was not yet
Continue Reading EU Fines EU?!: Alleged Unlawful Data-Transfer Dust-Up

At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with users’ personal data without first identifying a proper legal basis for the activity, as required under GDPR. The Order also alleges that OpenAI failed to notify Garante about a data breach the company experienced in March 2023. Additionally, the Order states that OpenAI did not provide proper age verification mechanisms for users under age 13. 
Continue Reading Don’t Forget the EU: Italy Issued First GenAI Fine of €15 Million Alleging GDPR Violations 

January brings us new year’s resolutions, and an opportunity to look back at the prior year. As we have done in years past (2023, 2022, 2021, 2020, 2019 and 2018), we have created a comprehensive resource of all our www.eyeonprivacy.com posts from 2024. Articles address new US state laws, artificial intelligence, data transfers, and more. As you move forward with your privacy program and risk management for 2025, we hope that this compilation of developments from 2024 is helpful. We hope that this is again a useful tool to help prepare for privacy and
Continue Reading Sheppard Mullin’s 2024 Eye on Privacy Year in Review

The Colorado AG’s office adopted draft amendments to the Colorado Privacy Act rules last month. The adopted draft reflects public input on the AG’s September 2024 version and addresses three key issues: first, opinion letters and interpretive guidance from the AG; second, changes resulting from the passage of a bill related to biometric data (HB 24-1130); and third, changes resulting from a bill related to children’s privacy (SB 24-041). Both bills amend Colorado’s privacy law.
Continue Reading Colorado Rolls Out Updated Privacy Rules Ahead of 2025 CPA Amendments

As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law and the timing of notification. The notice modification is now in effect; the change to the definition of personal information does not take effect until March 21, 2025.
Continue Reading New York Modifies Data Breach Law Heading Into 2025

The Federal Trade Commission recently settled complaints against two data brokers over their handling of consumers’ sensitive location information. The agency alleged that such practices constitute unfair practices. Under the settlement, both Gravy Analytics and Mobilewalla agreed to stop using and selling sensitive consumer location data.
Continue Reading FTC Keeps Sights on Data Brokers that Sell Sensitive Location Sites

In an update to the original post, the Eleventh Circuit granted a reprieve to businesses worried about the FCC’s “one-to-one” update to the TCPA Rule. The update was set to go into effect at the end of January, and according to the FCC would “close the lead generator loophole.” Specifically, it would have prohibited “generic consent,” namely where people agree to be called by “affiliates,” “partners” or third parties. That prohibition would have been true even if those entities were specifically identified elsewhere. It would also have required consent from the individual to be called at a specific phone number, by
Continue Reading FCC’s One-to-One Consent Rule (UPDATED)

In the waning months of the current administration, the White House issued a memo setting forth actions focused on national security as directed in the AI Executive Order from last year. As a reminder, the order, while directed to government agencies, also had impacts on businesses’ use of artificial intelligence.
Continue Reading ‘All Hands on Deck’ – White House Continues to Call on Agencies for AI National Security Plan

In the fifth in our series of California developments, we turn to data broker obligations. There are two of note. First, the California privacy agency is moving forward with Delete Act regulations it proposed earlier this year. (Its board voted last month to move regulations addressing data broker requirements to the Office of Administrative Law for review and approval.) Second, it announced an investigative sweep of compliance with the Act.
Continue Reading California’s Privacy Regulator Had a Busy November, Data Broker Edition: What Does It Mean for Businesses?

In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry.
Continue Reading California’s Privacy Regulator Had a Busy November, Cybersecurity Audits and Insurance Edition: What Does It Mean for Businesses?

In the third in our series of new CCPA regulations from California, we look at obligations for conducting risk assessments under CCPA. CCPA had called on the California agency to promulgate rules to address such assessments, and when they would be needed.
Continue Reading California’s Privacy Regulator Had a Busy November, Risk Assessment Edition: What Does It Mean for Businesses?