Businesses face a raft of incoming California regulations on automated decision-making technology (ADMT) from a variety of sources, but privacy lawyers said this week that resulting compliance plans need not be elaborate.
The California Privacy Protection Agency received final approval on automated decision-making technology (ADMT) and other rules from the Office of Administrative Law (OAL), the CPPA said Tuesday. Meanwhile, in materials released ahead of a Friday board meeting, the CPPA disclosed that it has seen a steady increase in consumer privacy complaints over the last two years.
DOJ received industry requests this month to scrutinize the Maryland Online Data Privacy Act (MODPA) and other state privacy measures as possibly burdening interstate commerce. The closely watched Maryland legislation takes effect Oct. 1. The chief privacy officer of one company that flagged MODPA told Privacy Daily that his business' main concern is the part of the law's unique data minimization requirement that bans sale of precise location data.
A Pennsylvania House panel punted for now on a bill protecting the personal information of public servants, similar to Daniel’s Law from neighboring New Jersey.
While not every state privacy bill becomes law, it’s important to look for trends in what’s being proposed across the U.S., privacy lawyers said during the Risk Digital virtual conference Thursday. They also said to keep an eye on class actions and watch for privacy rules that might be tucked into other kinds of laws.
Even without a private right of action, a Massachusetts comprehensive privacy bill nearing a Senate floor vote could still be the strongest of about 20 states with such laws, Electronic Privacy Information Center (EPIC) Deputy Director Caitriona Fitzgerald said in an interview Friday. While legislators previously cut the right for individuals to sue -- limiting enforcement authority to the Massachusetts’ attorney general -- they kept data minimization requirements like those from Maryland’s privacy law.
Marketers mustn’t take a reactive attitude to privacy compliance with enforcement heating up, said Lucas Long, InfoTrust head of global privacy, on a Thursday webinar hosted by the vendor Osano.
There remains great uncertainty over how aggressively the federal government will try to preempt state AI regulations under the Trump administration’s AI Action Plan, said Robert McBlain, global data protection and AI compliance lead at consultancy Thoughtworks.
Some groups seek assurances that they won’t be covered by rules implementing the New Jersey Data Privacy Act, according to comments submitted to the New Jersey attorney general’s Division of Consumer Affairs by Sept. 2. Many other business sectors urged the division to withdraw or significantly overhaul draft rules released last May (see 2509120009), according to comments obtained by Privacy Daily (part one, part two, part three).
The California legislature passed two bills on AI chatbots Thursday. Nearing the finish line are bills on automated decisions by employers and social media warning labels. The legislature passed measures earlier in the day on universal opt-out preference signals, data brokers and social media data deletion (see 2509110066).