These are the top 10 things you need to know from the world of privacy last month, as compiled by me.
- Texas means business when it comes to biometrics. The Texas Attorney General recently secured a $1.4 billion settlement from Meta stemming from the state’s “Capture or Use of Biometric Identifier” Act (CUBI). If you are using biometric data (in the workplace or otherwise), you must have things like: a notice, written acknowledgement, DPIA, and a retention plan.
- State Attorney General Offices are coming after your website tracking, even if their states don’t have a state privacy law. Don’t believe me? Just look at New York.
- FTC and hash. The FTC recently issued new guidance that hashes aren’t “anonymous.”
- No one expects the Spanish Inquisition … or a pixel behind a login. It can be a data breach, a HIPAA breach, or an unfair or deceptive practice. Swedish DPA Integritetsskyddsmyndigheten recently fined Avanza bank $1.4 million for it.
- HHS issues guidance on age-appropriate design measures.
- KOSPA (which is KOSA + COPPA 2.0) passed the Senate. If signed into law, it would impose several obligations regarding data of under-17s; duty of care in design; parental controls; and privacy tools. There are also new provisions regarding “opaque algorithms.”
- FTC issues guidance on surveillance pricing.
- CNIL issued a 7,000 euro fine, plus an injunction, plus a daily fine of 150 EUR/day, on a controller for failing to appoint a DPO.
- Latvia DPA issues guidance on common mistakes of controllers that lead to most of the complaints it receives.
- Much ado about deepfakes. California Governor Newsom says he will sign a law regulating use of deepfakes. FTC already says that if it’s unfair and deceptive without AI, it’s also unfair and deceptive with AI. FCC issues NPRM requiring an on-air announcement re use of deepfakes in television or radio political ads that use AI-generated content. UK Ofcom issues publication on tackling deepfakes.