As AI capabilities and applications continue to advance, the National Institute of Standards and Technology’s Artificial Intelligence Risk Management Framework has emerged as a vital tool for organizations to responsibly develop and use AI systems.
In recent years, both US state and federal legislatures have intensified efforts to enact laws aimed at safeguarding minors in the digital world. However, several court rulings have found that these legislative actions overstepped constitutional limits. This article highlights key legislative initiatives at the US federal level and in California and Texas to protect children and teenagers online, and lawsuits challenging the legality of the California and Texas measures, as of early September 2024.
In June 2024, the New York Assembly passed two bills that, if signed by the Governor, will impose extensive new requirements on companies operating in the state to enhance online protections for children. The first is the New York Child Data Protection Act, which imposes data minimization, consent and data processor agreement obligations on online services operators that actually know they collect minors’ personal information or target their services at minors. The second is the Stop Addictive Feeds Exploitation (SAFE) for Kids Act, which prohibits online service operators from providing minors with “addictive feeds” absent parental consent.
The latest edition of our Field Guide to Going Global helps you examine foreign law issues for taking business models, products and technology international. Our guidance should be helpful whether you are working for a start-up company or a large multinational enterprise that is broaching new frontiers.
Chapter 22.8 of the California Business and Professions Code imposes requirements on social media companies with annual gross revenues of USD 100 million or more to submit “terms of service reports” to the California Attorney General, with the first report due by 1 January 2024. The statute is currently the subject of a constitutional challenge, but covered companies should not delay preparing reports in case the lawsuit drags on or is unsuccessful.
During a LinkedIn Live session on 27 September 2023, IAPP Research and Insights Director Joe Jones discussed the latest regulatory law, policy and enforcement developments, and compliance considerations for children’s privacy in the EU, UK, and US with Baker McKenzie’s Elizabeth Denham, Lothar Determann and Jonathan Tam.
If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law will be significantly changed under the California Delete Act, which was signed into law by California Governor Newsom on 10 October 2023. Under the act, the California Privacy Protection Agency (CPPA) is required to set up, by 1 January 2026, an accessible deletion mechanism where consumers can request deletion via the CPPA that all data brokers then have to honor.
Following a five-year legislative process, India’s Digital Personal Data Protection Act (DPDP) received presidential assent on 11 August 2023. Practically speaking, the DPDP is not yet enforceable as the government still needs to establish the Data Protection Board of India (Board), which will serve as the enforcement authority for the law. The Board, in turn, must implement certain legally binding rules before the DPDP becomes fully operational.
Over the past few years, regulators around the world have stepped up enforcement of privacy laws that protect minors online. All companies that offer online services may find themselves in possession of minors’ personal data. And so, companies that take part online should consider some general recommendations, especially in light of the growing body of youth online privacy and safety laws.
Through The Employer Report blog, our lawyers provide legal updates and practical insights to help clients understand, prepare for and respond to the latest domestic and cross-border Labor and Employment issues affecting US and multinational employers.