It is fairly standard language in privacy policies: “This privacy policy may be amended or updated from time to time, so please check back regularly for updates.” It sends the message that the company can change its data practices and policies without ever notifying the end-user. It tells the end-user that the burden is on them
Privacy Zone
Where technology and intellectual property meet privacy
Blog Authors
Latest from Privacy Zone
White House AI Order Balances Innovation And Regulation
On Oct. 30, President Joe Biden issued an executive order on safe, secure and trustworthy artificial intelligence.[1]
The executive order provides a sprawling list of directives aimed at establishing standards for AI safety and security and protecting privacy.
While the executive order acknowledges the executive branch’s lack of authority for any lawmaking or rulemaking, AI…
FTC Launches Investigation into OpenAI
Following its many warnings of impending enforcement action against entities providing Artificial Intelligence (“AI”) products, the FTC has officially launched an investigation into OpenAI[1]. The FTC initiates its investigation on the heels of the Center for AI and Digital Policy’s July 10, 2023 supplement to its March 30, 2023 complaint, which requests that…
Is Privacy Enforcement Impending for Generative Artificial Intelligence Technologies?
Just last week, researchers at Robust Intelligence were able to manipulate NVIDIA’s artificial intelligence software, the “NeMo Framework,” to ignore safety restraints and reveal private information. According to reports, it only took hours for the Robust Intelligence researchers to get the NeMo framework to release personally identifiable information from a database.[1] Since these vulnerabilities were…
If you Think “My Health, My Data” Does Not Apply to Your Company, You May Want to Think Again
Many companies may be quick to dismiss Washington’s “My Health, My Data” (MHMD) as a health data law that does not apply to them. But there are many reasons you should think twice before disregarding this law.
First, unlike the state privacy laws that have been passed so far, MHMD applies to all companies regardless…
Gloves Are Off in the FTC’s Dispute With Meta Over Privacy Practices
In this corner, the U.S. Federal Trade Commission (FTC):
“Facebook has repeatedly violated its privacy promises,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The company’s recklessness has put young users at risk, and Facebook needs to answer for its failures.”
In that corner, Meta (formerly, Facebook):
Meta head of communications Andy…
What is “Data Minimization”? Could This Be a Future Hot Issue for U.S. Privacy Litigation?
On March 16, 2023, the French Data Protection Agency (the “CNIL”) imposed a fine of € 25,000 on the company CITYSCOOT in connection with a finding that CITYSCOOT failed to comply with the obligation to ensure data minimization, as required by Article 5.1.c of the GDPR. The facts that led to the judgment included a finding…
The Supreme Court Declines to Further Clarify Standing for Privacy Claims in Wakefield v. ViSalus
A number of federal privacy laws provide private rights of action, allowing individuals (or class actions) to bring claims alleging violations of certain privacy laws. Some examples of these statutes include the Video Privacy and Protection Act (VPPA), the Telephone Consumer Protection Act (TCPA), and the Fair Credit Reporting Act (FCRA). What is more is that some…
FTC Actions Hold Data Privacy Lessons For 2023
The Federal Trade Commission will have its eye on privacy and data security enforcement in 2023.
In August, the agency announced that it is exploring ways to crack down on lax data security practices. In the announcement, the FTC explained that it was “concerned that many companies do not sufficiently or consistently invest in securing…
Learning From Data Breach Cases To Reduce Legal Risk
The average cost of a data breach is on the rise.
According to the 2022 ForgeRock Consumer Identity Breach Report, the average cost in 2021 of recovering from a data breach in the U.S. is $9.5 million — an increase of 16% from the previous year.
Lawsuits and regulatory fines are a significant factor contributing to…