Despite national efforts over the past decades, child sexual abuse material (CSAM) and online child sexual exploitation are still unfortunately prevalent. In 2023, the National Center for Missing and Exploited Children (NCMEC) received over 35.9 million reports of suspected CSAM.[1] This is more than a 20 percent increase over the previous three years. Notably, NCMEC’s 2023 report highlighted concern about the significant increase in reports involving generative artificial intelligence, noting that the Center received 4,700 reports of CSAM or other sexually exploitative content related to these technologies.Continue Reading New Minor Safety Obligations for Online Services: REPORT Act Expands Child Sexual Exploitation Reporting Requirements

The recent omnibus foreign relations package signed by President Biden on April 24, 2024, includes the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (the Act), a set of sweeping privacy provisions prohibiting data brokers from sharing sensitive personal information with a broad range of entities that may have ties to Russia, China, Iran, and North Korea. The Federal Trade Commission (FTC) will enforce these prohibitions and have the ability to seek civil penalties for violations. The provision takes effect 60 days after the date of enactment of the Act.Continue Reading New Federal Data Broker Restrictions Signed into Law

On April 3, 2024, the UK Information Commissioner’s Office (ICO) released a statement setting out its priorities for protecting children’s privacy online. The priorities reflect the ICO’s strategy for the next phase of implementing its Children’s code of practice (also known as the “AADC”) and signal a focus by the regulator on the operations of social media and video-sharing platforms (platforms). The ICO will look at platforms’ default settings for children’s profiles, recommender systems and how they obtain consent to the processing of children’s data. The statement also indicates that the ICO will conduct audits of EdTech providers to identify privacy risks and potential noncompliance with applicable legislation.Continue Reading UK Privacy Regulator Details Next Stages of Its Strategy to Protect Children Online

On February 13, 2024, the New York Attorney General Letitia James and New York State Education Department (NYSED) Commissioner Betty A. Rosa announced a settlement with College Board to resolve allegations that College Board violated New York Education Law § 2-d, the state’s student privacy law.Continue Reading Time to Hit the Books for Student Privacy Compliance: College Board Agrees to Pay $750K for N.Y. Student Privacy Violations

2023 was one of the busiest years for privacy yet—with more to come in 2024. Five new U.S. state privacy laws (in Texas, Florida, Oregon, Montana, and Washington) will come into effect in 2024. And federal and state regulators are sure to focus on hot areas like artificial intelligence, children’s privacy, and the collection, use, and sharing of consumer health data, among others. Given this backdrop, here are our top 10 predictions for privacy regulation in 2024:Continue Reading U.S. Privacy Predictions: What to Watch for in 2024

On October 27, 2023, the Federal Trade Commission (FTC) announced it is amending the Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) to include a requirement for non-bank financial institutions to report certain data breaches and other security events to the agency.Continue Reading FTC Amends Safeguard Rule with Requirement for Non-Banking Financial Institutions to Report Data Security Breaches