Top News - AI and Child Privacy: CARU Tightens Guidelines for Advertisers; Major US Wireless Carriers Fined for Privacy Breaches and More
Senators Call for FTC Probe into Automakers' Privacy Breaches
Senators Ron Wyden and Edward Markey have urged the FTC to investigate major automakers for allegedly misleading consumers about the protection of their location data. The inquiry revealed that most automakers, except Tesla and a few others, do not require a court order to share customers' GPS data with law enforcement. Only Tesla informs owners about government data requests. Automakers' actions contradict their public commitment to require legal orders before disclosing such information, except in emergencies or with owner consent. The senators highlighted the privacy risks this poses, especially in sensitive situations involving health and legal consequences. Read more
Maryland's Pioneering Data Privacy Act: A Shift Toward Strict Purpose Limitation
Maryland is set to adopt a pioneering stance in data privacy with the Maryland Online Data Privacy Act of 2024, which could become a landmark in enforcing strict purpose limitations on data processing. The bill emphasizes data minimization, prohibiting certain data processing irrespective of consent, especially for sensitive data and data from consumers under 18 years old. Unlike previous statutes, this bill defines the collection of personal data as needed to be "reasonably necessary and proportionate" to the services specifically requested by the consumer—moving away from compliance based solely on disclosed purposes. The proposed framework represents a significant shift, placing greater control in the hands of consumers and potentially reshaping privacy practices nationwide. Read more
AI and Child Privacy: CARU Tightens Guidelines for Advertisers
The Children's Advertising Review Unit (CARU) has issued a compliance warning to ensure advertisers using AI in child-targeted campaigns adhere to established Advertising and Privacy Guidelines. This includes all forms of media and emphasizes preventing deceptive practices and protecting children's data privacy. CARU will enforce measures against manipulative AI applications, such as deep fakes and simulated influencers, which could mislead children. The guidelines also require transparency in AI-generated content and data collection practices, mandating verifiable parental consent where necessary. CARU's oversight extends to seeking enforcement from federal bodies like the FTC for non-compliance. Read more
Major US Wireless Carriers Fined for Privacy Breaches
The FCC has imposed $200 million in fines on major US wireless carriers for unauthorized sharing of customer location data, concluding a probe initiated from a 2020 proposal. Specifically, Sprint and T-Mobile USA, now merged, along with AT&T and Verizon, were penalized for violations that occurred between 2014 and 2017 linked to a third-party service misusing location data. These fines target outdated practices that the carriers assert have been discontinued, aimed at ensuring stricter adherence to customer privacy in the future. The carriers plan to challenge the FCC's decision, emphasizing their commitment to protecting user data while criticizing the regulatory framework as outdated. Read more
NIST and GSA Lead the Way in AI Standards and Security
Following President Biden's data protection order, the Department of Commerce has released three draft guidance documents from NIST and a plan for international standards. The GSA had also published a guide for procuring Generative AI technologies. NIST's AI RMF Generative AI Profile helps organizations identify and mitigate risks posed by generative AI. The NIST GenAI Challenge, a new program, aims to facilitate research in generative AI and deep fake detection. The USPTO is seeking public comment on AI's impact on patentability. Read more
Comments