Uncommon and broadly applicable data minimization requirements in the Maryland Online Data Privacy Act (MODPA) could pose major compliance challenges for companies when the law takes effect Wednesday, privacy attorneys representing businesses said in interviews. Some advertisers could opt out of the Maryland market rather than comply with the state's comprehensive privacy law, said David LeDuc, Network Advertising Initiative (NAI) public policy vice president.
Biometric Privacy
Biometric privacy laws regulate how companies handle sensitive personal identifiers like facial scans, fingerprints and voiceprints. In the U.S., Illinois’ BIPA has led to landmark litigation and multimillion-dollar settlements, setting a precedent for consent, data retention and security standards. Other states and countries are following suit with their own biometric requirements. This page covers key lawsuits, regulatory action and compliance best practices in the biometrics space.
The FCC’s Communications Security, Reliability and Interoperability Council (CSRIC) unanimously approved a report Thursday on “best practices” for the FCC and industry on the ethical and practical use of AI and machine learning (ML). The report, which examines privacy and new risks for telecom networks, wasn’t released Thursday.
Even without a private right of action, a Massachusetts comprehensive privacy bill nearing a Senate floor vote could still be the strongest of about 20 states with such laws, Electronic Privacy Information Center (EPIC) Deputy Director Caitriona Fitzgerald said in an interview Friday. While legislators previously cut the right for individuals to sue -- limiting enforcement authority to the Massachusetts’ attorney general -- they kept data minimization requirements like those from Maryland’s privacy law.
A proposed agreement with the U.S. for sharing personal data for border and immigration control "must be accompanied by comprehensive and effective safeguards," the European Data Protection Supervisor said in an opinion Thursday.
Kmart Australia violated customers' privacy by indiscriminately collecting their personal and sensitive data with facial recognition technology (FRT) in an operation designed to tackle refund fraud, Privacy Commissioner Carly Kind announced Thursday.
The growing use of voice recognition technologies in the public and private sectors is prompting data protection and regulatory concerns, an advisory body, the U.K. Biometrics & Forensics Ethics Group (BFEG), and a privacy consultant said.
Businesses defending themselves against charges under the California Invasion of Privacy Act (CIPA) sometimes find that exclusions and limitations in their insurance policies for cyber or commercial general liability (CGL) leave them exposed, attorney Kathryn Rattigan said in a blog post Thursday. For CIPA claims, her key takeaway is "don’t assume your insurance will cover [a] privacy lawsuit," the Robinson+Cole lawyer added.
Age-estimation technology and its role in reducing regulatory burden is gaining attention in industry and data privacy circles, an official with BBB National Programs said Friday.
Draft regulations to implement the New Jersey Data Protection Act (NJDPA) may exceed the statute, said advertising, tech industry and news media groups in comments to the New Jersey attorney general’s office’s Division of Consumer Affairs. They suggested that New Jersey try to align more closely with other states that have comprehensive privacy laws.
A federal judge dismissed several claims against Chinese technology company ByteDance, including that it violated the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA) and the California Invasion of Privacy Act (CIPA). But in the Friday ruling, U.S. District Court for Northern Illinois Judge Georgia Alexakis allowed a claim ByteDance violated the Biometric Information Privacy Act (BIPA), as well as the restitution and unjust enrichment claim against the company, to continue in the privacy case.