CCPA enforcement action takeaways

California AG CCPA enforcement trends and takeaways: The California Attorney General has brought two major California Consumer Privacy Act (CCPA) enforcement actions so far, against Sephora and DoorDash respectively. A few takeaways can be drawn by comparing the two cases. Broad interpretation of “...

Conformity Assessments

The EU AI Act has been agreed upon by the Parliament, Commission, and Council of the European Union and will bring with it obligations for organizations looking to use artificial intelligence. Notable amongst the requirements is the conformity assessment for high-risk uses of AI. We have seen sim...

Universal Opt-Out Mechanisms FAQ

As more US states pass comprehensive privacy laws with technological advances in mind, a recent emerging trend is a requirement that controllers’ websites comply with universal opt-out mechanisms. Here’s a breakdown of everything you need to know about implementing the specific law requirements. ...

Some old, some new requirements in NH and NJ laws

Two new US state laws have been approved for New Jersey and New Hampshire already this year. As part of our commitment to keeping up with the latest law requirements, we have pulled out a few takeaways. Quick Overviews: The essence of the New Jersey and New Hampshire privacy laws, otherwise referr...

Privacy and the SMBs

With the introduction of new privacy laws, I frequently am asked “what do I need to do?” by business owners. Recently, the question is coming from SMB owners who are unclear if the emerging privacy laws apply to them.

AI Criteria: Access

During a webinar in May of 2023, I stated that the main problem with artificial intelligence isn’t AI itself, but the people who use it. I still hold to this idea. Most applications I have seen that make me scratch my head or cringe with disbelief are bad ideas from people, not mistakes or errors...

AI Criteria: Review

The most important piece of any privacy program handling or investigating the use of artificial intelligence is the review process. There are three areas to review, including the algorithm itself, the training data, and finally the outputs. This will act like a filter of increasing scrutiny as we...

Balancing user convenience and consent in system updates

Over Thanksgiving, a Facebook post from a local community police department caught my attention, warning about an automatic feature called NameDrop in the Apple iOS17 update. Once I returned to work, I decided to delve into the issue surrounding this automatic feature. It also reminded me that th...

AI criteria: Notice and Choice

Providing a privacy notice to individuals about how their data is collected and processed is not a foreign concept to privacy professionals. We need to detail what information is collected, how it is used and shared, what rights subjects have, and provide them some way to ask questions or m...

AI criteria: Non-invasiveness

Privacy often means considering whether or not a use of information is appropriate. What is or isn’t appropriate is based on regulations and rules, but as I had written elsewhere, your own feelings might play into that as well (Empathic Privacy). Being non-invasive is a matter of considering if the ...