A Texas judge has ruled in Am. Hosp. Ass’n v. Becerra that the Department of Health and Human Services (HHS) does not have the authority to restrict medical providers’ use of tracking technologies, aka “cookies” or “pixels.” The issue in the case was whether information gathered through the use of cookies, such as the IP address of a person’s device and their search activity on the medical provider’s website, qualifies as individually identifiable health information. The court concluded that it does not. |
Biometric laws continue to be a hot topic for both legislators and businesses. An increase in new laws, biometric privacy class action lawsuits, and arbitration along with an uptick in proposed legislation, prolific use by law enforcement, and widespread criticism of both facial and voice recognition technologies prove that biometrics will remain a hot topic for some time. | |
The latest draft of the American Privacy Rights Act (APRA) was released on June 20, 2024. Though sections concerning data minimization, universal op-out and deletion mechanisms, and privacy by design requirements remain intact, the “civil rights and algorithms” and “opt-out rights for consequential decisions” sections have been removed entirely.
The “civil rights and algorithms” section was perhaps the most glaring section to be excised from the legislation, as it would have mandated the implementation of standard AI governance practices and guaranteed certain civil rights when it comes to the collection or processing of personal information. The section on “opt-out rights for consequential decisions” mirrored state-specific privacy legislation that provides an opportunity to opt out of automated decision-making.
The bill’s latest revisions have garnered resounding pushback from groups including the ACLU, the Lawyers’ Committee for Civil Rights Under Law, and the Center for Democracy and Technology. Many fear that the legislation has been stripped of its most important civil rights protections and fundamentally weakens the American people’s overall digital privacy.
| |
LEGISLATIVE & REGULATORY UPDATE | | |
|
New York Enacts Laws to Protect Children and Teens From Social Media Risks
Tech Times
"In an era dominated by digital connectivity, concerns about children's safety and privacy on social media have sparked legislative action in New York and other states in the United States."
| | |
|
Understanding the CAIA: Colorado's Groundbreaking Approach to AI Regulation
National Law Review
"It’s The Colorado AI Act (CAIA will take effect on Feb 1, 2026, becoming the first comprehensive, risk-based approach to artificial intelligence (AI) regulation to be signed into law in the United States. This new legislation is intended to govern the use of AI systems in certain application by private sector developers and deployers, with a stated goal of ensuring transparency, consumer rights, and accountability."
| | |
|
CPPA Applauds Introduction of Bill to Expand Access to Opt-Out Preference Signals
California Privacy Protection Agency
"Assemblymember Josh Lowenthal introduced AB 3048, sponsored by the California Privacy Protection Agency, that would require browsers and devices to offer consumers the ability to exercise their privacy preferences through opt-out preference signals."
| | |
|
Minnesota sends comprehensive privacy bill to governor
iapp
"The Minnesota Legislature granted final passage 19 May to a wide-ranging omnibus bill containing the state's take on comprehensive privacy legislation. The bill covers entities controlling or processing personal data on 100,000 consumers or derive 25% of revenue from selling the data of more than 25,000 consumers."
| | |
|
Vermont Governor Vetoes Comprehensive Data Privacy Bill
Tech Policy.press
"On Thursday, June 13, 2024, Vermont Governor Phil Scott vetoed one of the most comprehensive consumer privacy bills the US has seen to date. The Vermont Data Privacy Act (H.121), or "an act relating to enhancing consumer privacy and the age-appropriate design code," will now return to the General Assembly, needing a two-thirds vote in each chamber to override the veto."
| | |
Alphabet hit with Austrian privacy complaint over alleged browser tracking
Reuters
"Alphabet's Google was hit with a complaint by Austrian advocacy group NOYB on Thursday for allegedly tracking users of its Chrome Web browser, an issue already on EU antitrust regulator's radar."
| |
| |
FTC refers TikTok children's privacy case to Justice Department
Politico
"The FTC announced on Tuesday that it is referring its investigation into TikTok to the Justice Department, with allegations that the social media app is violating children's privacy regulations."
| |
| |
|
Cyberattacks Disrupt Car Sales by Dealers in U.S. and Canada
The New York Times
"The attacks on a software provider, CDK Global, affect systems that store customer records and automate paperwork and data for sales and service."
| | |
|
About 165 orgs may have been affected in Snowflake incident
Axios
"Google Cloud's Mandiant said Monday it had notified approximately 165 organizations that their data may have been exposed in a recent cyber incident involving cloud computing company Snowflake."
| | |
|
Millions of users potentially hit by TEG ticket sales data breach
techradar pro
"Millions of people could be at risk of phishing and social engineering, after a threat actor advertised a huge database of TEG customers on a popular hacking forum."
| | |
|
Sav-Rx Discloses Data Breach Impacting 2.8 Million Americans
Bleeping Computer
"Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack."
| | |
In this episode of PrivacyCafé, Richard Sheinis and Jade Davis invite guest Rachel Stuve, Senior Director at Elevance Health, to share her journey in data science and artificial intelligece, particularly in the health care sector. Rachel explores how AI is used, the best strategies for integrating AI, and the challenges and opportunities in adopting AI in health care and business.
|
| |
Richard Sheinis
Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.
| | |
Jade Davis
Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.
| | |
Joseph Stepina
Joseph is an Attorney in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.
|
Lea McBryde
Lea is an Attorney in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.
| | |
Savannah Avera
Savannah is an Attorney in our Atlanta office, where she protects the rights of clients in health care and cyberspace.
| | | | | |