This week's newsletter covers developments in AI regulation, enforcement actions by the ICO, and updates on the APRA draft.

Key takeaways:

• Colorado passed a new law (CAIA) regulating high-risk AI systems. Similar to the EU AI Act, it focuses on transparency, accountability, and preventing bias in areas like healthcare and finance.
• The ICO dropped its case against Snap's AI chatbot but is investigating Microsoft's new Recall feature. Recall captures screenshots of user activity, raising privacy concerns.
• A revised draft of the APRA clarifies data minimization rules, shortens response times to data requests, and adds new data broker regulations. Pre-emption, a controversial aspect, remains largely unchanged.

This week's Privacy Corner dives into the latest data privacy developments:

🇬🇧 US: Maryland and Vermont passed groundbreaking privacy laws with strong data minimization requirements and a private right of action in Vermont (similar to California's CCPA).
🇬🇧 UK: The ICO is seeking views on how to uphold data subject rights in generative AI but avoids the right to rectification challenge.
🇪🇺 EU: The European Commission is investigating Meta (Facebook & Instagram) under the Digital Services Act (DSA) for potentially harming children and failing to meet age verification requirements.

This Week in Privacy: AGs Block US Privacy Bill, China Blamed for UK Hack, Finnish Retailer Fined Heavily

US: Attorneys General from 15 states oppose the American Privacy Rights Act (APRA) due to concerns about preemption of state privacy laws.
UK: Government suspects China of a cyberattack on the military payroll system, exposing names and bank details.
Finland: Data Protection Authority fines online store €856,000 for requiring account creation and indefinitely storing customer data.

This week's Privacy Corner newsletter covers a range of important topics:

• Generative AI and GDPR: Privacy advocacy group noyb filed a complaint against OpenAI, alleging its AI tool ChatGPT violates user privacy by generating inaccurate personal data. The crux of the issue lies in whether noyb expects OpenAI to fix inherent limitations of the technology and the applicability of GDPR in this case.
• Fines for Location Data Sharing: The FCC penalized four major US wireless carriers nearly $200 million for allegedly sharing customers' location data with third parties without proper consent. This action reflects growing regulatory scrutiny around data privacy, especially concerning sensitive information like location.
• Updated Health Breach Notification Rule: The FTC finalized amendments to the Health Breach Notification Rule, expanding its scope to cover health apps and unauthorized disclosures of health information, not just security breaches. This highlights the evolving privacy landscape in the US healthcare sector.

In this week’s Privacy Corner Newsletter:

• Why a new US law that protects data from “foreign adversaries” extends beyond just TikTok.
• What the EDPB has planned for the next three years.
• How the ICO lost its appeal against Experian.

In this week’s Privacy Corner Newsletter:

• European data protection authorities say “no” to (some) “consent or pay”.
• California’s privacy regulator says “no” to the new US federal privacy bill.
• The Federal Trade Commission (FTC) says “no” to telehealth provider Cerebral's alleged sharing of its users’ sensitive information.

Privacy News Roundup by Robert Bateman

California just released stricter guidelines for businesses. They can't ask for unnecessary personal info when you request access to your data.

Google agreed to delete billions of browsing records following a lawsuit claiming "Incognito Mode" wasn't truly private.

The UK is prioritizing children's online privacy! They'll be checking social media platforms like Facebook & YouTube to ensure they comply with child protection laws.

In this episode of The Privacy Corner, we cover three major privacy news from this week:

First, WorldCoin, a digital identity and cryptocurrency project by Sam Altman, faces legal challenges in Portugal and other countries due to its biometric data processing practices.

Second, the UK attributes a significant data breach of the Electoral Commission and an attempted cyber attack on its parliamentarians to China, raising concerns about national security.

Third, the FTC releases a report showcasing its vigorous privacy and security enforcement activities in 2023, including notable cases and their focus on artificial intelligence, sensitive data, and algorithmic accountability.

00:00 Welcome to The Privacy Corner!
00:11 WorldCoin's Legal Troubles Across the Globe
04:26 UK's Electoral Commission Data Breach Blamed on China
06:46 FTC's Busy Year in Privacy and Data Security
09:10 Closing Remarks and Easter Wishes