The Federal Communications Commission (FCC) recently issued a unanimous Notice of Proposed Rulemaking and Notice of Inquiry targeting the use of AI-related technologies for communicating with consumers.1 In the proposed rule, the FCC seeks to impose a broad definition for AI technologies subject to the requirements of the Telephone Consumer Protection Act (TCPA). Companies using technology falling within the FCC’s proposed definition would be required to make certain disclosures under the TCPA to notify consumers that they are communicating with AI-technology. This proposal is the latest move by the FCC to tackle its largest source of consumer complaints: unwanted and illegal robocalls and robotexts.2 The proposed new rule may require companies to modify their current approach in engaging with consumers through AI-generated calls and/or texts, including potentially altering their current practices in collecting consent where necessary.Continue Reading FCC Issues Notice of Proposed Rulemaking Regarding the Use of AI-Generated Technologies for Consumer Communications

On August 14, 2024, the Federal Trade Commission (FTC) issued a final rule that prohibits publishing or trading in fake or misleading consumer reviews and testimonials, or engaging in other related deceptive promotional tactics. Notably, under the FTC’s new rule, the commission will be authorized to seek civil penalties against violators.Continue Reading FTC Issues Final Rule Banning Fake and Misleading Consumer Reviews and Testimonials

On August 16, 2024, the U.S. Court of Appeals for the Ninth Circuit issued an opinion partially upholding—and partially vacating—the District Court for the Northern District of California’s preliminary injunction preventing the California Age-Appropriate Design Code Act (CAADCA or the Act) from going into effect. Specifically, the Ninth Circuit upheld the district court’s injunction related to Data Protection Impact Assessment (DPIA) provisions while the district court further considers whether the remaining portions of the law are likely to be severable or unconstitutional on their own. Although the Ninth Circuit’s decision has not yet gone into effect, businesses subject to the CCPA may soon find themselves on the hook for complying with many provisions in the CAADCA.Continue Reading Ninth Circuit Ruling Paves the Way for California Age-Appropriate Design Code to Partially Come into Effect

On July 16, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss advancing its over 200-page draft rulemaking package to formal proceedings.[1] The proposed regulations include 37 pages of significant new obligations spanning cybersecurity audits, automated decision-making technology (e.g., artificial intelligence, (AI)), privacy risk assessments, and 72 pages of other updates to existing regulations. Together, these regulations would create new compliance obligations for tens of thousands of California businesses and are preliminarily estimated to generate a staggering $4.2 billion in compliance costs for those businesses in their first year alone. Critically, these estimates do not include the many businesses that are based outside of California, yet subject to the California Consumer Privacy Act (CCPA) because they do business in California, meaning the real economic burden is likely to be far more significant.Continue Reading Substantial New CCPA Regulations Inch Closer to Reality: A Detailed Overview of the New Requirements and Their Projected $4 Billion Cost to California Businesses

On May 21, 2024, France adopted law No. 2024-449 to secure and regulate the digital space. This law grants new enforcement powers and authority to the French Data Protection Authority (CNIL), including to seize documents, record declarations during dawn raids, and enforce certain provisions of the Digital Services Act (DSA) and the Digital Governance Act (DGA).Continue Reading New Enforcement Powers for the French Data Protection Authority (CNIL)

In the first half of 2024, seven new states—Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island—all enacted their takes on comprehensive privacy laws, bringing the total number of states with such laws

Continue Reading Seven New States Join Patchwork of U.S. Comprehensive Privacy Laws: Top 10 Trends from the First Half of 2024