A tranche of 64,000 U.S. government records related to the assassination of former President John F. Kennedy reportedly contained sensitive personally identifiable information of individuals still living, The New York Times reports. Typically, when government records are released, personal data, like Social Security numbers, are scrubbed from documents.
Privacy litigation is growing more prevalent in the U.S., with individuals finding success in arguing their claims or securing favorable settlements to avoid proceedings. In the third of a six-part IAPP series on litigation trends, IAPP Westin Fellow C Kibby analyzes case law concerning security breaches.Full story
Navigating the sprawling U.S. state privacy law landscape is beginning to resemble the view a person sees looking through a "kaleidoscope" due to differing and unique requirements contained in various statutes, IAPP Principal Researcher for Privacy Law and Policy Müge Fazlioglu, CIPP/E, CIPP/US writes. She offers an overview of the prospects of a federal privacy law passing in 2025, as well as enforcement and legislative trends for new state AI and privacy bills.Full story
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy and AI governance developments in the nation's capital and around the U.S. This week, he analyzes the U.S. legal precedent for future changes to cross-border data rules without congressional action.Full story
The U.S. District Court for the District of Maryland blocked the Department of Government Efficiency from accessing sensitive data held by the U.S. Social Security Administration and ordered it to destroy any nonanonymized data it may have acquired, Politico reports. The judge also barred DOGE from installing additional software into the SSA's systems.
The European Data Protection Board's recent opinion on the anonymity of AI models could have an impact on company policies and implementation of AI systems. MyData-TRUST Data Project Manager Christina Varytimidou, AIGP, CIPP/E, CIPM, said organizations should consider a "granular approach, with the creation of different assessments for different AI models depending on the level of risk raised during the AI model deployment to the data subjects."Full story
Privacy and competition walk into a bar, but they don't use the same door. Where do they meet, asks IAPP Managing Director, Europe, Isabelle Roccia, CIPP/E. She highlights regulators' review of pay-or-consent models, including the investigation into Meta's pay-or-consent model under the Digital Markets Act, which requires gatekeepers to obtain consent from users when they intend to combine or cross-use their personal data.
Advocacy group NOYB filed a complaint to Norway's data protection authority, Datatilsynet, alleging OpenAI's ChatGPT hallucinated, resulting in harmful and incorrect information about a user, Politico reports. NOYB data protection lawyer Joakim Söderberg said ChatGPT's disclaimer warning users' information could be inaccurate is not enough.Full story
The European Commission said it will take action if Hungary's government uses facial recognition technology to identify participants in LGBTQ+ demonstrations, Euractiv reports. The use of the recognition software during an ongoing protest, a provision of a recently passed law banning such activities, would be a violation of the EU AI Act, according to a Commission spokesperson.Full story
The Nigeria Data Protection Commission published its final directive on how to comply with the Data Protection Act. The guidance focuses on the scope of the law and data controller requirements for lawful personal data processing.Full story