Privacy

Subscribe to Privacy via RSS

Artificial intelligence (AI) companion apps have been in the news, with Commissioner Melissa Holyoak of the Federal Trade Commission calling for a study on AI companions earlier this month, and lawmakers at the state and federal level voicing concerns about the technologies. In response, New York has enacted the first law requiring safeguards for AI companions. Scheduled to come into effect on November 5, 2025, the law requires operators of AI companions to implement safety measures to detect and address users’ expression of suicidal ideation or self-harm and to regularly disclose to users that they are not communicating with a human. Here are some answers to the key questions about the law:Continue Reading New York Passes Novel Law Requiring Safeguards for AI Companions

On June 5, 2025, Nevada Governor Joe Lombardo signed AB 406, a law regulating the use of artificial intelligence (AI) for mental and behavioral healthcare. AB 406 comes as other states, such as Utah and New York, have taken steps to regulate AI chatbots, including AI chatbots providing mental health services. AB 406 prohibits offering AI systems designed to provide services that constitute the practice of professional mental or behavioral healthcare (such as therapy) and prohibits making representations that an AI system can provide such care. In addition, AB 406 limits how mental and behavioral healthcare professionals can use AI systems.[1] AB 406 takes effect on July 1, 2025.Continue Reading Nevada Passes Law Limiting AI Use for Mental and Behavioral Healthcare

On June 16, 2025, the Council of the EU (Council) and the European Parliament (EP) reached an agreement on a new regulation (the Draft Regulation) to enhance enforcement of the General Data Protection Regulation (GDPR). The Draft Regulation aims to improve cooperation between national data protection authorities (DPAs) to speed up their handling of cross-border GDPR complaints and related investigations.Continue Reading EU Reaches a Deal on Rules for Swifter Cross-Border GDPR Enforcement

On June 4, 2025, the U.S. Department of Health and Human Services (HHS) announced the appointment of Paula M. Stannard as the Director of the Office for Civil Rights (OCR). As Director, Stannard will lead the enforcement of the Privacy, Security, and Breach Notification Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as federal civil rights laws.Continue Reading HHS Announces New Director of Office for Civil Rights: What to Watch from the New Health Privacy Leader

On May 13, 2025, the European Commission (EC) published draft guidelines on the protection of minors online. The guidelines outline the proposed measures that the EC expects online platforms accessible to minors to take to protect minors’ privacy, safety, and security in line with requirements under the Digital Services Act (DSA).Continue Reading EU Commission Launches DSA Consultation on the Protection of Minors Online

On April 28, 2025, Congress passed the “TAKE IT DOWN Act.” In addition to criminalizing intentional publication of non-consensual intimate imagery, including computer-generated intimate imagery (collectively, NCII), the bill requires “covered platforms” to develop a process for removing NCII within 48 hours of a valid report. Covered platforms are those that primarily provide a public forum for user-generated content. The term does not include ISPs, email providers, online services that consist primarily of non-user-generated content, or services for which chat, comment, or interactive functionality is directly related to the provision of non-user-generated content. The bill now awaits President Trump’s signature and is expected to be signed in light of receiving bipartisan support and an endorsement from the First Lady.

A summary of the bill’s key provisions are highlighted below.Continue Reading The “TAKE IT DOWN Act” Goes Up to President Trump’s Desk for Signature