On November 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining the carve outs and limitations contained in comprehensive state privacy laws relating to financial institutions. In an accompanying press release, the CFPB stated that in its assessment, “privacy protections for financial information now lag behind safeguards in other sectors of
Kelsey Fayer
CPPA Announces Settlements with Data Brokers for Failure to Register Under the Delete Act
On November 14, 2024, the California Privacy Protection Agency (“CPPA”), which is tasked with enforcing the California Consumer Privacy Act (the “CCPA”), announced it settled with two data brokers, Growbots, Inc. and UpLead LLC, for failing to register and pay required fees under Senate Bill 362, also known as the Delete Act. The companies will…
The FTC Announces New Enforcement Actions Against Certain Businesses for Engaging in “Deceptive AI” Practices
As part of a new enforcement initiative called “Operation AI Comply,” the FTC recently announced that it has brought the following five enforcement actions against businesses that use or sell AI tools in a manner that the FTC has alleged is deceptive and unfair:
- DoNotPay. The FTC brought suit against DoNotPay, which had claimed
BIPA Amendment Enacted
On August 5, 2024, Illinois Governor J.B. Pritzker signed into law SB 2979, significantly amending the state’s Biometric Information Privacy Act (BIPA). This update represents a considerable decrease in the potential for exorbitant financial liabilities for businesses that engage with biometric data while still maintaining the statute’s robust protections for individuals’ biometric data. The…
CPPA’s Enforcement Update: New Regulations and Focus Areas
The California Privacy Protection Agency (“CPPA”) discussed at its July 16 meeting new enforcement focuses in addition to current goals. While the new focuses are largely in line with general trends, they also serve as a reminder that specific and nuanced compliance decisions can make a big difference.
As the CPPA has made clear in…
CFPB Issues New Rule for Recognizing Open Banking Standards
The Consumer Financial Protection Bureau (CFPB) has launched the process for independent standard-setting bodies to receive formal recognition, as part of its efforts to shift towards open banking in the United States.
On June 5, 2024, the CFPB finalized a rule outlining the minimum attributes that standard-setting bodies must exhibit to issue standards in compliance…
Colorado Passes AI Regulation
Colorado has become the first state to pass legislation (SB24-205) regulating the use of artificial intelligence (AI) within the United States. This legislation is designed to address the influence and implications, ethically, legally, and socially, of AI technology across various sectors.
Any person doing business in Colorado, including developers or deployers of high-risk…
FTC Probes Reddit Proposal to License User Content for AI Training
In a regulatory filing, Reddit announced that the FTC is probing Reddit’s proposal to sell, license and share user-generated content with third parties to train artificial intelligence (AI) models. This move underscores the growing scrutiny over how online platforms harness the vast amounts of data they collect, particularly in the context of AI development. …
Webinar Recording – Your Data, My Headache: Consumer Health Data Laws
FTC Warns That “Quietly Changing” Privacy Policies May Be an Unfair or Deceptive Practice
The FTC published guidance warning companies that “[i]t may be unfair or deceptive for a company to adopt more permissive data practices—for example, to start sharing consumers’ data with third parties or using that data for AI training—and only inform consumers of this change through a surreptitious, retroactive amendment to its terms of service or…