The past year set up a clear clash between federal deregulatory efforts and state-level AI rulemaking, and 2026 is poised to be the year that conflict materializes in earnest. The Trump Administration signaled a strong preference for scaling back AI-specific rules while exploring avenues to preempt state and local measures, even as a growing number
On November 16th, the Federal Communications Commission (“FCC”) and Federal Trade Commission (“FTC”) announced new independent initiatives regarding the use and implications of AI technologies on consumers in the context of telephone and voice communications. Learn more about these initiatives on our sister blog, the Consumer Finance Monitor.
Introduction
Section 230 immunity, which long has protected entities that host online platforms from liability for their users’ actions, may be significantly cut back. Although the U.S. Supreme Court recently declined to hear Doe v. Facebook, which would have given it an opportunity to clarify and/or narrow existing interpretations of Section 230, there are calls from members of Congress to amend the law, in addition to agreement from executive agencies to do so. Section 230 may be amended further to create a duty of reasonable care, particularly with respect to online trafficking and child exploitation. Even in the absence of legislative change, lower courts have begun and may continue to chip away at what previously was considered Section 230’s broad immunity.
Continue Reading Trafficking and Child Exploitation Online: The Growing Responsibilities of Online Platforms
Assaults on Section 230 of the Communications Decency Act (the “CDA”)—which shields online platforms from civil liability for third party content on their services—are abundant these days. On October 15, 2020, FCC Chairman Ajit Pai announced that his agency, at the request of President Trump, will draft rules explaining when platforms’ efforts to moderate user-posted
The Illinois Supreme Court held on January 25, 2019, that plaintiffs filing suit under the Biometric Information Privacy Act—which regulates how private entities disclose and discard biometric identifiers—do not need actual damages for standing. The decision has serious implications for companies collecting biometric data from Illinois residents.
The Act provides a private right of action to individuals “aggrieved” by any violation, allowing them to seek, among other remedies, liquidated or actual damages, attorneys’ fees, and costs. However, there has been widespread uncertainty as to whether an aggrieved individual asserting a private action under the Act needed to show that he or she suffered an actual injury as a result of an alleged violation, or if a violation of the Act in and of itself conveys standing.
Continue Reading Illinois Supreme Court: No ‘Actual Harm’ Required for Biometric Information Privacy Act Claims
The online world is increasingly shaped by forces beyond our control. Algorithmic processing agents are used by a wide range of web publishers, online retailers and social media companies to determine the kinds of stories that are feature to online readers, the advertisements that are targeted to online shoppers, and the search results they see,
Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance with applicable laws and regulations. The Report concluded that some of the OCC’s primary concerns are with the elevation in operational risk “as banks adapt business models, transform technology and operating processes, and respond to evolving cyber threats.” The Report also focused on elevated compliance risk associated with bank efforts to “manage money-laundering risks in a complex environment.”
Many of the OCC’s observations and recommendations remained the same from its Fall 2017 report, leaving readers to wonder what will spur less conversation and potentially more action among OCC-supervised banks or concrete guidance by the OCC. Regardless, a common thread running throughout both reports is the potential risk presented to financial institutions by emerging technologies, which carry the simultaneous blessing and curse of greater business opportunities, but also greater operational and compliance risks.
Continue Reading OCC Semiannual Risk Perspective Highlights Cybersecurity, Fraud, Money Laundering Concerns
The U.S. Consumer Product Safety Commission (CPSC) recently announced that it will hold a hearing on May 16, 2018, to receive information on potential hazards with Internet of Things (IoT) products.
In its public notice, the CPSC explained that the “purpose of the public hearing . . . is to provide interested stakeholders a venue to discuss potential safety hazards created by a consumer product’s connection to IoT or other network-connected devices; the types of hazards (e.g., electrical, thermal, mechanical, chemical) related to the intended, unintended, or foreseeable misuse of consumer products because of an IoT connection; current standards development; industry best practices; and the proper role of the CPSC in addressing potential safety hazards with IoT-related products.” The notice also clarifies that the hearing “will not address personal data security or privacy implications of IoT devices.”
So why does this matter?
For those of you heading to Legaltech in New York next week, please join me and a great panel for what promises to be a lively discussion of hot topics in IoT and Mobile Discovery. I’ve been fortunate enough to have been included in Relativity’s session on this topic at a number of conferences, and
One challenging aspect of privacy and data security law is that technology is constantly evolving. The near and long term future of privacy and data security will be driven by emerging technologies that developers, legislators, businesses, and lawyers may not fully understand for years to come. Last year saw a surge in technologies enabling companies to collect and analyze increasing amounts of consumer data as well as the development of technologies enabling consumers to better protect their privacy. Just as the development of new technologies is inevitable, so too is the rise of potential ways in which those technologies can be misused, which in turn provokes a legislative and regulatory response. The cycle never ends.
To help privacy and data security professionals keep pace with these changes, we will be providing regular updates throughout the course of the year on the development of emerging technologies, as well as legislation and regulation regarding privacy and data security. We begin with a review of recent developments in the Internet of Things and biometric technologies, and offer some predictions on legal and business changes to look for in 2018.
INTERNET OF THINGS (IoT)