Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Even without a private right of action, a Massachusetts comprehensive privacy bill nearing a Senate floor vote could still be the strongest of about 20 states with such laws, Electronic Privacy Information Center (EPIC) Deputy Director Caitriona Fitzgerald said in an interview Friday. While legislators previously cut the right for individuals to sue -- limiting enforcement authority to the Massachusetts’ attorney general -- they kept data minimization requirements like those from Maryland’s privacy law.
Massachusetts legislators removed a private right of action from a leading comprehensive privacy bill on Thursday.
BOSTON -- How a company communicates with privacy enforcers and responds to potential legal action are major factors in whether a formal, public settlement is issued, Tyler Bridegan, privacy and tech enforcement director in the Texas attorney general's office, said at the IAPP AI Governance conference Thursday.
Party leaders on the Senate Commerce Committee expect to meet next week to discuss AI and privacy issues, ranking member Maria Cantwell, D-Wash., told us Tuesday.
Many industries are sounding the alarm over proposed rules to implement the New Jersey Data Privacy Act. In comments submitted by the Sept. 2 deadline, industry officials said a draft by the attorney general’s Division of Consumer Affairs is too burdensome and exceeds what’s allowed under the NJDPA and other laws. On the flip side, several consumer privacy advocates suggested that the state legislature should overhaul the law itself to make it far stricter.
While there are state and federal protections for sensitive data, a comprehensive privacy framework at the federal level is needed to ensure all modes of data sharing are transparent, legal and regulated, panelists said Wednesday. They spoke during a Center for Democracy and Technology (CDT) webinar about the federal government’s recent attempts to access state data.
NetChoice raised constitutional concerns Wednesday with Colorado's draft kids privacy regulations. Known for suing states over age-verification laws, the trade group and three other industry associations testified virtually at a Colorado Department of Law hearing on the same day as a deadline for written comments. “These rules will not survive a legal challenge,” said Patrick Hedger, NetChoice's policy director.
Maryland’s attorney general could make privacy rules despite lacking direct rulemaking authority from the Maryland Online Data Privacy Act (MODPA), WilmerHale’s Samuel Kane said Thursday during a webinar by Privado, a compliance vendor. That could tighten requirements under the state's comprehensive privacy law taking effect next month, the privacy attorney said. Meanwhile, MODPA is set to break ground for state privacy laws due to its unique data minimization provision, but companies can prepare now by more closely documenting how they use data, Kane said.
Software company PowerSchool’s failure to protect the personal information of almost 900,000 Texas schoolchildren and educators late last year was a violation of the Texas Deceptive Trade Practices Act and the Identity Theft Enforcement and Protection Act, alleged Attorney General Ken Paxton (R) in a lawsuit Wednesday (see 2509030050). Texas joined Tennessee (see 2505120026) and a class-action in California (see 2501220057) in suing the company over the incident.