privacy

Subscribe to privacy via RSS

On April 26, 2024, the Federal Trade Commission (FTC) announced a Final Rule that amends the Health Breach Notification Rule (HBNR or Rule) to significantly broaden the FTC’s enforcement power in the area of digital health. Under the Final Rule, many developers of everyday health and wellness apps (Developers) will now constitute “health care providers” subject to the HBNR. The consequences of failing to comply with the HBNR could be steep—failure to comply with the Rule could subject a company to civil penalties of $51,744 per violation. Below, we provide a summary of the Final Rule and highlight some of the key challenges it presents.Continue Reading FTC Final Rule Officially Broadens Health Breach Notification Rule, Targets Health and Wellness Apps

Despite national efforts over the past decades, child sexual abuse material (CSAM) and online child sexual exploitation are still unfortunately prevalent. In 2023, the National Center for Missing and Exploited Children (NCMEC) received over 35.9 million reports of suspected CSAM.[1] This is more than a 20 percent increase over the previous three years. Notably, NCMEC’s 2023 report highlighted concern about the significant increase in reports involving generative artificial intelligence, noting that the Center received 4,700 reports of CSAM or other sexually exploitative content related to these technologies.Continue Reading New Minor Safety Obligations for Online Services: REPORT Act Expands Child Sexual Exploitation Reporting Requirements

The Federal Trade Commission (FTC) recently announced two proposed settlement agreements (in the form of a stipulated order)1 (the “consent orders”) with Monument, Inc., an alcohol addiction treatment service, and Cerebral, Inc., a subscription-based online health care treatment service, signaling the FTC’s continued commitment to pursue digital health companies that the FTC believes have improperly used or disclosed consumers’ health information. The complaints focus on the companies’ disclosure of consumers’ health information to advertising platforms without the consumers’ consent, as well as Cerebral’s alleged failure to honor its “easy” subscription cancellation promises. Of note, the FTC complaint against Cerebral named its CEO personally liable for his alleged involvement with the counts raised in the complaint. The CEO has not agreed to a settlement and the case will proceed in the district court.Continue Reading FTC Announces Proposed Settlement Agreements with Two Digital Health Companies for Disclosing Consumers’ Health Information to Third-Party Advertisers, Among Other Violations

The Artificial Intelligence Act (AI Act) is the first comprehensive legislation that intends to regulate AI horizontally across all sectors in Europe. It will have far reaching consequences on all companies developing, implementing, or using AI solutions in the EU and beyond. These FAQs provide key information you should know before the AI Act is adopted, and some tips on what you can already be doing to prepare. To learn more, click here to read Wilson Sonsini’s updated FAQs.”Continue Reading Updated: 10 Things You Should Know About the EU Artificial Intelligence Act

On April 8, 2024, the French Data Protection Authority (CNIL) published recommendations on the development phase of artificial intelligence (AI) systems1 (Recommendations). They are the first set of recommendations designed to guide the various players in the AI ecosystem on how to apply the General Data Protection Regulation (GDPR) to the development of AI systems. The Recommendations are relevant to providers and users of AI systems who process personal data as part of the development of such systems, including fine-tuning already-existing AI systems.Continue Reading French Data Protection Authority Publishes Recommendations on the Development of AI Systems: Seven Takeaways

On April 7, 2024, Representative Cathy McMorris Rogers (R-WA) and Senator Maria Cantwell (D-WA) announced that Congress will once again consider a comprehensive federal data privacy bill that, if passed, would dramatically alter the privacy landscape across the United States.Continue Reading Congress Proposes New Comprehensive Privacy Legislation: The American Privacy Rights Act