In part one of this Insight article, Julia Jacobson, Alexandra Kiosse, and Alan Friel, from Squire Patton Boggs, answered common questions such as the scope of protection, effective dates, and applicability, about the three newest state consumer privacy laws. In part two, they delve into the specific obligations of controllers under these laws and highlight the key differences between them.
In its 2024 legislative session, Maryland's General Assembly passed two significant data privacy laws: the Maryland Online Data Protection Act of 2024 (MODPA)1 and the Maryland Age-Appropriate Design Code, also known as the Maryland Kids Code. Both laws are codified in the Commercial Law Article of Maryland's Annotated Code and were signed by Governor Wes Moore on May 9, 2024.
While MODPA contains restrictions and limitations on the collection, processing, use, and sale of children's data, the Maryland Kids Code aims to further protect children's online safety and privacy. It is based on similar age-appropriate design code laws enacted in the UK and California, and requires covered entities to implement Privacy by Design and Default when it comes to online products that children are reasonably likely to access. The Maryland Kids Code will become effective on October 1, 2024. Alexandra P. Moylan and Michael J. Halaiko, from Nelson Mullins Riley & Scarborough LLP, explore the key provisions of the Maryland Kids Code, how covered entities can ensure compliance, and how this law compares to similar laws.
In today's digital age, businesses are constantly seeking innovative ways to connect with their customers and drive growth. One technology that has been making waves in the marketing industry is artificial intelligence (AI). According to the definition laid down in the EU AI Act in the last version available, 'AI system' means 'a machine-based system designed to operate with varying levels of autonomy, that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments.' Gianluigi Marino and Andrea Cantore, from Osborne Clarke, define AI in marketing and discuss risks and obligations.
In this Insight article, Roger Vilanova Jou, Senior Associate at PwC, delves into the growing impact of generative artificial intelligence (AI), which is sparking debate and regulatory consideration worldwide. As organizations grapple with AI's transformative potential, the question arises: Do we need a new role to navigate its governance effectively?
Three states - Kentucky, Maryland, and Nebraska - welcomed Spring 2024 by passing comprehensive consumer privacy laws, joining the laws in New Hampshire and New Jersey1 enacted earlier this year. With the five new laws enacted in early Q2 2024, more than one-third of states have consumer privacy laws on the books.
In this part one Insight article, Julia Jacobson, Alexandra Kiosse, and Alan Friel, from Squire Patton Boggs, answer common questions such as the scope of protection, effective dates, and applicability, about the three newest state consumer privacy laws.
In a significant development within the State of Kuwait's regulatory landscape, the Communication and Information Technology Regulatory Authority (CITRA) has taken decisive steps to fortify data protection measures in the realm of telecom and IT services. Under Decision No. 26 of 2024, CITRA introduced a new set of Data Privacy Protection Regulations (the Regulations), effectively replacing the prior regulations. Concurrently, CITRA has repealed its former Data Classification Policy under Decision No. 34 of 2024, signaling a strategic shift towards more comprehensive safeguards for sensitive information.
This proactive update reflects CITRA's recognition of the growing need for strong data security measures as Kuwait's telecom and IT sectors expand. These regulatory changes also match Kuwait's big-picture plan for progress outlined in the New Kuwait 2035 strategy, emphasizing a focused push for better technology resilience and privacy standards in the country's digital world. Asad Ahmad and Salma Farouq, of GLA & Company, discuss the Regulations, highlighting the key provisions that individuals and entities should be aware of.
Children's online privacy has become a top priority in the United States at both the federal and state levels. This focus has consistently been echoed in President Biden's State of the Union speeches in 2022, 2023, and again in 2024 where he unequivocally called on lawmakers to "pass bipartisan privacy legislation to protect our children online." As a result, efforts to protect children online have significantly increased in the past year, and it is expected that new measures will continue to be introduced in 2024. Key areas of policy, regulatory, and enforcement activity continue to focus on guardrails around behavioral tracking and targeted advertising towards minors, increased consent requirements to gain access to minors' personal information, and access to, as well as the use of, social media by minors. Alaap B. Shah and Lisa Pierce Reisz, from Epstein Becker & Green, P.C., discuss the developments across the US to further protect children online.
In this Insight article, Michelle Schaap, Partner at CSG Law, will discuss some (not all) notable distinctions between the failed American Data Privacy and Protection Act (ADPPA) and the draft American Privacy Rights Act (APRA). Not surprisingly, the two have many of the same terms, as the APRA drafters used the ADPPA as their starting point.
The Australian Government released the 2023-2030 Australian Cyber Security Strategy: Legislative Reforms Consultation Paper (the Consultation Paper) in December 2023. The Consultation Paper follows the Australian Government's 2023-2030 Australian Cyber Security Strategy (the Strategy). The Strategy aims to build 'cyber shields' to strengthen Australia's cyber defenses and build resilience against cyber-attacks. Katherine Sainty, Kaelah Dowman, and Sarah Macken, from Sainty Law, explore the current ransomware environment in Australia and the Government's proposed ransomware reporting obligations.
New tools for employers to increase productivity and efficiency continue to evolve as artificial intelligence (AI) and automated decision-making become more sophisticated and prevalent. These tools are particularly common in the hiring arena, where employers can use technology to screen, track, and even communicate with applicants. Large companies that receive hundreds or thousands of applicants per week can save a lot of time by deploying a tool that, for example, scores each applicant based on how closely they match a job description or extracts and summarizes relevant information from applications and hiring materials.
Legislators are now beginning to regulate the use of such tools in the employment context. In the absence of federal regulation, it appears likely that the US will have a patchwork of regulations passed on the local and state level, similar to the current privacy regulation landscape. Laura Schwalbe, from Aurelian Law PLLC, evaluates the current regulation of AI in the employment context and how this may evolve.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
