DOJ received industry requests this month to scrutinize the Maryland Online Data Privacy Act (MODPA) and other state privacy measures as possibly burdening interstate commerce. The closely watched Maryland legislation takes effect Oct. 1. The chief privacy officer of one company that flagged MODPA told Privacy Daily that his business' main concern is the part of the law's unique data minimization requirement that bans sale of precise location data.
AI Privacy
AI privacy concerns are growing as copyrighted works and personal data are used to train, optimize and operate machine learning systems. From facial recognition to inference risks, AI applications often test the limits of existing privacy laws. Regulators worldwide are developing safeguards to govern data use, bias, transparency and consent in AI development. This page tracks legislation, regulatory frameworks and enforcement actions at the intersection of AI and data protection.
Be careful when using AI to generate privacy complaints and inquiries, the Danish Data Protection Authority cautioned Monday.
Sen. Ron Wyden, D-Ore., and Rep. Yvette Clarke, D-N.Y., on Friday reintroduced legislation meant to increase transparency into automated decisions impacting housing, employment, credit and education.
A software industry group sought veto of two California AI bills this week. In letters dated Wednesday, the Software and Industry Information Association (SIIA) urged Gov. Gavin Newsom (D) to reject bills aimed at regulating frontier AI (SB-53) and kids' usage of chatbots (AB-1064) that passed the state legislature last week (see 2509150026 and 2509120037).
While not every state privacy bill becomes law, it’s important to look for trends in what’s being proposed across the U.S., privacy lawyers said during the Risk Digital virtual conference Thursday. They also said to keep an eye on class actions and watch for privacy rules that might be tucked into other kinds of laws.
BOSTON -- Connecticut and Virginia are rethinking their approaches to comprehensive AI regulation in order to pass legislation that failed in 2025, Connecticut Sen. James Maroney (D) and Virginia Del. Michelle Lopes Maldonado (D) said Friday at the IAPP AI Governance conference.
There remains great uncertainty over how aggressively the federal government will try to preempt state AI regulations under the Trump administration’s AI Action Plan, said Robert McBlain, global data protection and AI compliance lead at consultancy Thoughtworks.
BOSTON -- DOJ is revising its AI strategy and expects to publish it soon, said Christina Baptista, senior counsel for the Office of Privacy and Civil Liberties, during a panel Thursday at the IAPP AI Governance Global North America.
While both the EU and U.K. use legitimate interest as a basis for processing personal data, the U.K. Data Use and Access Act (DUAA) has introduced "something interesting" -- a more flexible standard that can reduce administrative burden in some cases, said Daniel Vinerean, managing director of law firm David and Baias, during a webinar Thursday.
Kmart Australia violated customers' privacy by indiscriminately collecting their personal and sensitive data with facial recognition technology (FRT) in an operation designed to tackle refund fraud, Privacy Commissioner Carly Kind announced Thursday.