Colorado Attorney General Phil Weiser issued a notice to organizations meeting certain criteria as data controllers under the Colorado Privacy Act. Beginning 1 July 2024, these organizations must offer consumers a universal opt-out mechanism for the sale of their personal data and processing of such information for targeted advertising.
South Korea's Personal Information Protection Committee published a guide for the new amendment to the Personal Information Protection Act, as well as an enforcement decree. Revisions to the PIPA include a requirement that private entities participate in dispute resolution, whereas prior to the new amendment, only public bodies were compelled to respond to citizen data protection complaints.Full story
The U.S. National Institute of Standards and Technology National Cybersecurity Center of Excellence released a report focusing on cybersecurity practices and suggestions for securing genomic data. The guidance aims to help organizations "assess, tailor, and prioritize their risk mitigation strategies and cyber investments for genomic data."Full story
MediaPost reports Meta asked a Washington, D.C., federal judge to determine if the U.S. Federal Trade Commission's ability to both investigate potential violations and issue rulings is unconstitutional. The argument is an escalation in the company's lawsuit against the FTC, which reopened a prior consent agreement concerning Meta's handling of children's privacy.Full story
Finland's Office of the Data Protection Ombudsman published notice of changes to the Data Protection Act and the Criminal Matters Data Protection Act. The updates account for changes to EU privacy laws and now require the Office of the Data Protection Ombudsman to either resolve a citizen data protection complaint or inform the party of the estimated time to complete a resolution within three months.Full story
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, detailed its regulatory agenda for the 2023-2024 biennium. The agency moved up plans to review guidelines for national personal data privacy protection laws and developing regulation of disseminating governance decisions.
The U.S. Congressional Research Service issued a report highlighting the U.S. District Court for the Northern District of California's ongoing proceedings regarding whether the California Age-Appropriate Design Code Act violates the First Amendment. The CRS report to U.S. lawmakers highlighted how interpretations of online safety are "an evolving area of law." It noted how the CAADCA's provisions are "imported from the (U.K.
An Indiana University Bloomington Ph.D. candidate claimed he acquired email addresses using OpenAI's ChatGPT, The New York Times reports. Rui Zhu claimed he obtained the email addresses of more than 30 New York Times employees during an experiment using ChatGPT's GPT-3.5 Turbo model. The experiment showed users can "bypass the model's restrictions on responding to privacy-related queries," he said.
On 19 Dec., the U.S. Federal Trade Commission settled with Rite Aid pharmacies over the use of artificial intelligence facial recognition technology without reasonable safeguards.
For those following data protection and privacy developments, each year seems to bring with it a torrent of newsworthy items. This past year was no different. From a finalized EU-U.S. Data Privacy Framework, to major enforcement actions on Big Tech, to a panoply of new data protection laws in India and at least seven U.S. states, to the dramatic rise of AI governance, 2023 was as robust as ever.