artificial intelligence

Much of the focus on US privacy has been US state laws, and the potential of a federal privacy law. This focus can lead one to forget, however, that US privacy and data security law follows a patchwork approach both at a state level and a federal level. “Comprehensive” privacy laws are thus only one piece of the puzzle. There are federal and state privacy and security laws that apply based on a company’s (1) industry (financial services, health care, telecommunications, gaming, etc.), (2) activity (making calls, sending emails, collecting information at point of purchase, etc.), and (3) the type of individual from whom information is being collected (children, students, employees, etc.). There have been developments this year in each of these areas.Continue Reading Mid-Year Recap: Think Beyond US State Laws!

Tennessee recently amended its 1984 right of publicity statute with passage of the ELVIS Act. The existing law already protected individuals’ rights in their image and likeness. As amended, the statute will specifically call out voice as another protected element. It will become the first right of publicity statute to address copying someone’s likeness or voice with AI technologies in two ways.Continue Reading Tennessee’s ELVIS Act Incorporates AI Considerations into Right of Publicity Protections

The Utah legislature has been busy, with another law effective May 1. This one is “privacy adjacent” but worth keeping in mind. The law, the Artificial Intelligence Policy Act, was signed into law in March. Among other things, it will require companies to respond “clearly and conspicuously” to an individual who asks if they are interacting with artificial intelligence and the communications are made in connection with laws regulated by the Utah department of commerce. (This includes the Utah Privacy Act, the state’s sales practices law, its telephone solicitation laws, and many others.)Continue Reading Utah’s New AI Disclosure Requirements Effective May 1

The Department of Health & Human Services through the Office of the National Coordinator for Health Information Technology recently updated the process for certification of health information technology. Some of the modifications are intended to address use of artificial intelligence in health IT systems. ONC’s certification is required for certain programs, such as where the health IT will be used for Medicare and Medicaid Incentive programs. It is optional for others. Those who are already certified will need to update their certifications. Those seeking new certifications will be subject to the new process.Continue Reading Out in the Open: HHS’s New AI Transparency Rule

Earlier this month, accompanying an update to a rule prohibiting the impersonation of businesses and governments, the FTC sought comments on extending the rule to prohibit impersonation of individuals. The agency indicated that it is considering expanding the rule as the result of rising complaints around “impersonation fraud,” especially those generated by AI. Comments are due by April 30, 2024.Continue Reading FTC Seeks Comments on AI Impersonation Rules

The UK Information Commissioner’s Office recently reported that it is continuing its review of website cookie banners. It had expressed concern late last year that these banners were not giving “fair choices” because they did not make it as easy for users to reject all advertising cookies as it was for users to accept all. The ICO reached out to 53 companies and has now indicated that it will be reaching out to more companies: 100 at a time. To conduct its review, it will run a hackathon this year to develop an AI tool to comb the web for “noncompliant” banners.Continue Reading UK ICO Uses AI In Cookie Banner Review

Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance with eight underlying principles. The order, while directed to government agencies, will impact businesses as well. In particular, the order has privacy and cybersecurity impacts on companies’ use of artificial intelligence. Among other things, companies should keep in mind the following:Continue Reading What Is the Privacy Impact of the White House AI Order for Businesses?

The FTC continues its focus and concern on use of technologies that integrate artificial intelligence, this time turning to potential consumer harm with voice cloning technology. Today the commission announced a challenge looking for solutions to help monitor and prevent malicious voice cloning. In the announcement, the FTC pointed to current scams where threat actors use cloned voices -created using AI tools- to conduct scams. For example, money requests from a person’s “relative.” The winner will receive a $25,000 prize, and entries will be accepted in the first weeks of January.Continue Reading FTC Vocalizes AI Voice Cloning Challenge

X Corp., the company formerly known as Twitter, recently sued Bright Data over its site scraping activities. Bright Data is a data collection company and advertises—among other services—its “website scraping” solutions. Scraping is not new, nor are lawsuits attempting to stop the activity. We may, though, see a rise in these suits with the rise in companies using them in conjunction with generative AI tools.Continue Reading Scraping the Bottom of the Barrel: X Corp. Sues Bright Data Over Site Scraping

As many who are keeping track of generative AI developments are aware, the FTC recently announced that it is investigating OpenAI’s ChatGPT product. For the privacy practitioner this investigation is important given that among other things, the agency wants to understand better how OpenAI is using personal information, and if its privacy representations are sufficient.Continue Reading OpenAI – FTC OpensAnInvestigation