A quick read of Washington’s My Health My Data Backdrop: Enacted in reaction to the US Supreme Court’s decision overturning a federal right to abortion. Guarantees Washington residents some of the broadest health information privacy protections in the nation. Tl;dr: The law prohibits covered entities from collecting or selling health data that can be tied […]
US Courts on Emerging Privacy Tech- Session Replay, Pixels, Chatbots – Series 1
Chat Wiretapping Case Case 1 In the first, the plaintiff alleged the messages were first routed through the third-party’s server to “analyze and collect customer support-agent interactions in real-time” and that the third-party’s parent (a well-known social media company) identified “user interests” by monitoring a collection of offsite user activity and generated revenue by selling […]
FTC Guidance in the Avast Case: Selling and Collecting Data Deceptively!
– The #FTC found that Avast anonymization measures were insufficient to prevent re-identification. Even when contracts contained prohibitions on re-identification, the language allowed customers to join their first-party data to the data purchased from Avast. – FTC has confirmed that anonymized has a concrete technical definition consistent with the de-identified and anonymized data exemptions in state & […]
States that have Introduced Biometric Laws
A quick summary of Biometric laws that have been introduced in each state
Doordash fined under CCPA and CalOPPA
Summary: California Attorney General Rob Bonta announced a settlement with DoorDash, resolving allegations that the company violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). The investigation by the California Department of Justice found that DoorDash sold its California customers’ personal information without providing notice or an opportunity to opt out of […]
Rite Aid, FTC & AI Facial Recognition Tech
Quick Summary: Rite Aid banned from using AI facial recognition technology(FRT) for 5 years under a proposed settlement of Federal Trade Commission charges. FTC’s Allegation: The FTC alleged that Rite Aid failed to implement reasonable procedures and prevent harm to consumers with “reckless” use of facial recognition technology which “disproportionately impacted people of color.” Proposed Order […]
California announces draft regulations on Automated Decision-Making Tech
California Privacy Protection Agency announced draft regulations around automated decision-making technologies (ADMT). A quick summary below- When will you be covered? Businesses using ADMT in the following ways will be covered- New Consumer Protection on the Use of ADMT For the above uses of ADMT, the draft regulations would provide consumers with the following protections: […]
Does CMIA (Confidentiality of Medical Information Act) apply to you?
What is CMIA: The Confidentiality of Medical Information Act (CMIA) is a California law that protects the confidentiality of individually identifiable medical information obtained by healthcare providers, health insurers, and their contractors. Who does it apply to? Medical Information under CMIA: Medical information is defined as: “any individually identifiable information, in electronic or physical form, in […]
California Data Broker Act
What will this Law do? Who’s a Data Broker? Who’s NOT a Data Broker? The Data Broker Law sets out several exceptions to the definition of “data broker.” The following are not data brokers: Companies covered by one or more of the above laws will not need to comply with the Data Broker Law, even […]
First GDPR fine on Dark Pattern
The Italian Data Protection Authority (DPA), the Garante, has sanctioned the use of dark patterns to collect personal data for the first time under the terms of the GDPR. What are dark patterns? Deceptive patterns (also known as “dark patterns”) are tricks used in websites and apps that make you do things that you didn’t […]