On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued its final rule implementing Section 1033 of the Dodd-Frank Act (the “Final Rule” or the “Open Banking Rule”), granting consumers greater access rights to the data their financial institutions hold. Although there are some differences, the Final Rule largely tracks the Proposed Rule announced
Uncategorized
Court Denies Class Certification in VPPA Case
In a recent decision from the Southern District of Florida, U.S. District Judge Robert N. Scola, Jr. denied class certification of a proposed class of paid Univision NOW subscribers who assert that Univision NOW’s use of the Meta Pixel violates the Video Privacy Protection Act (VPPA). The three proposed class representatives allege D2C, LLC, doing…
CFPB Issues New Rule for Recognizing Open Banking Standards
The Consumer Financial Protection Bureau (CFPB) has launched the process for independent standard-setting bodies to receive formal recognition, as part of its efforts to shift towards open banking in the United States.
On June 5, 2024, the CFPB finalized a rule outlining the minimum attributes that standard-setting bodies must exhibit to issue standards in compliance…
FTC Probes Reddit Proposal to License User Content for AI Training
In a regulatory filing, Reddit announced that the FTC is probing Reddit’s proposal to sell, license and share user-generated content with third parties to train artificial intelligence (AI) models. This move underscores the growing scrutiny over how online platforms harness the vast amounts of data they collect, particularly in the context of AI development. …
43 AGs Urge FTC to Update Child Online Privacy Rules
On March 7, 2024, a bipartisan coalition of 43 state attorneys general sent to the Federal Trade Commission (“FTC”) a letter urging the FTC to update the regulations (“COPPA Rules”) implementing the Children’s Online Privacy Protection Act (“COPPA”).
Through regulations known as the “COPPA Rule,” state attorneys general are authorized to bring actions as parens…
FTC Authorizes use of Compulsory Process in AI Investigations
On November 21, the Federal Trade Commission (“FTC”) approved in a 3-0 vote a resolution authorizing the use of compulsory process in nonpublic investigations involving products and services that involve or claim to involve Artificial Intelligence (AI).
Compulsory process is akin to a subpoena, and it allows the FTC to request the production of information…
The Practical and Legal Complexities of Online Age Verification
One of the most significant trends in privacy law this year has been the surge in online child protection laws in U.S. states. In a recent article for the Cybersecurity Law Report , Ballard Spahr privacy attorneys Phil Yannella, Greg Szewczyk, Tim Dickens and Emily Klode explore the legal and practical complexities associated with these…
EU AI Act Clears Another Hurdle
The European Parliament has approved a revised version of the EU Artificial Intelligence Act (AIA), which appears to be on a path to adoption by the EU later this year. The AIA is the most comprehensive legislation in the world to address the risks associated with the use of artificial intelligence. A final version of…
Kansas Passes an Act Requiring Mortgage Companies, Supervised Lender, and Money Transmitters to Create Information Security Standards Consistent with GLBA’s Consumer Information Safeguard Rule
On April 24, the Governor of Kansas signed into law Kansas Senate Bill 44, which enacts the Financial Institutions Information Security Act (the “Act”). The Act requires credit services organizations, mortgage companies, supervised lenders, money transmitters, trust companies, and technology-enabled fiduciary financial institutions to comply with the requirements of the GLBA’s Safeguards Rule, as…
Washington State Poised to Pass Consumer Health Privacy Law
The State of Washington appears close to enacting a new law that regulates the privacy of consumer health information. If passed, the new law – the My Health My Data Act (MHMDA) –would take effect March 31, 2024 and apply to non-governmental entities that collect, process, share, or sell health information that can be linked…