On March 15, the Iowa House passed Senate File 262 (SF 262), a comprehensive state privacy law bill. If enacted, SF 262 would be the sixth state level privacy legislation, following California, Virginia, Colorado, Utah, and Connecticut, and it would go into effect on January 1, 2025.
Continue Reading Iowa to Introduce the Sixth Comprehensive State Privacy Law in United States
On February 27, 2023, the Federal Trade Commission (“FTC”) Division of Advertising Practices updated their business guidance on the usage of Artificial Intelligence (“AI”) for 2023. In their post titled “Keep your AI claim in check”, the FTC guides marketers on how best to legally and efficiently utilize AI in advertising and avoid AI washing. Building upon the FTC’s previous AI guidance of 2020 and 2021, this year’s iteration emphasizes that false or unsubstantiated claims about a product’s efficacy—including those that involve promises about the ability of AI—runs afoul of the FTC Act. Specifically, the FTC reminds marketers of the following questions that they should consider with the increasing use of AI in products:
On August 24, 2022, the California Attorney General’s Office announced a settlement with Sephora, Inc. (Sephora), a French multinational personal care and beauty products retailer. The settlement resolved Sephora’s alleged violations of the California Consumer Privacy Act (CCPA) for allegedly failing to: disclose to consumers that the company was selling their personal information, process user requests to opt out of sale via user-enabled global privacy controls, and cure these violations within the 30-day period currently allowed by the CCPA.
The California Office of the Attorney General issued its first opinion interpreting the California Consumer Privacy Act (CCPA) on March 10, 2022, addressing the issue of whether a consumer has a right to know the inferences that a business holds about the consumer. The AG concluded that, unless a statutory exception applies, internally generated inferences that a business holds about the consumer are personal information within the meaning of the CCPA and must be disclosed to the consumer, upon request. The consumer has the right to know about the inferences, regardless of whether the inferences were generated internally by the business or obtained by the business from another source. Further, while the CCPA does not require a business to disclose its trade secrets in response to consumers’ requests for information, the business cannot withhold inferences about the consumer by merely asserting that they constitute a “trade secret.”
Continue Reading California AG Interprets “Inferences” Under CCPA