States and Congress have been enacting or debating different approaches to online “content moderation” by social media and other internet platforms. California’s “Content Moderation Requirements for Internet Terms of Service” bill (“AB 587”) goes into effect on Jan 1, 2024. In short, AB 587 requires social media companies to disclose their processes to take down or manage content and users on their platforms. AB 587 takes a somewhat different approach to social media content regulation than previously enacted laws in Texas and Florida. The Texas and Florida laws also address the content management practices of social media companies, but go beyond requiring disclosures and also prohibit specific conduct in order to restrict putative viewpoint discrimination. The Eleventh Circuit partially repudiated the Florida law because the associated content moderation requirements violate social media companies’ First Amendment rights to exercise editorial judgment on their platforms. The Fifth Circuit, on the other hand, upheld a similar Texas law because the court believed that content moderation based on viewpoint would constitute censorship and that a platform’s content moderation activity is not speech protected by the First Amendment.
On October 4, 2022, the White House Office of Science and Technology Policy published The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People (the “AI Blueprint”). The AI Blueprint outlines non-binding guidelines for the development and deployment of automated systems and is the culmination of a year-long process of public engagement and deliberation.
The FTC continues its defense of the wide-reaching Advance Notice of Proposed Rulemaking (ANPR) on “Commercial Surveillance and Data Security” that the Commission, by a 3-2 vote, issued in August. (See the supporting statements of Chair Lina Khan and Commissioners Rebecca Slaughter, and Alvaro Bedoya, and the dissenting statements of Commissioners Christine Wilson and Noah Phillips.)
On Thursday, September 8, the FTC hosted a public forum on the notice, featuring remarks by Chair Khan, Commissioner Bedoya, and panels featuring guests representing industry and consumer interests. (more…)
On September 2, 2022, the California Age-Appropriate Design Code Act (the “Act”) (effective July 1, 2024) was passed by the California legislature, and on September 15, 2022 was signed into law by Governor Newsom. This Act dramatically expands business obligations and will force entities that provide an online service, product, or feature that is “likely to be accessed by children” (“Product”) to implement stringent privacy settings for users under 18. It aligns in many respects with the United Kingdom’s Age Appropriate Design Code, which passed in 2020. Together, these laws represent a significant shift in the regulatory landscape of children’s digital services.
The overarching policy of the Act is to require such entities to prioritize the best interests of children when developing and implementing their services. The Act implements this policy through a number of stringent requirements, including using language in privacy notices that is age-appropriate, undertaking physical and mental well-being impact assessments for existing and new products and services, and implementing stringent requirements on such entities use of the data as a default.
Privacy never sleeps in California. In recent days and as California’s legislative session comes to a close, there have been a number of significant legislative and regulatory developments in the state, each of which will likely (again) change the privacy landscape in California and, by extension, the rest of the country. For businesses operating in California or whose websites, products or services reach California residents, these changes mean new compliance obligations, some of which could require significant investments of time and resources. The impact of these changes highlight once again how the United States lacks a consistent national policy on privacy that could be set by a comprehensive federal privacy law. (more…)
On Thursday, August 11, the Federal Trade Commission (“FTC”) announced that it is exploring rules to crack down on harmful commercial surveillance and lax data security practices. The FTC’s Advance Notice of Proposed Rulemaking (“ANPR”) solicits public comment on whether it should put into effect new rules and restrictions concerning standards and requirements for information security, the ways in which companies collect and process data in commercial contexts, and whether any practices related to the transfer, sharing, selling, or other monetization of personal information should be categorized as unfair or deceptive. The FTC voted 3-2 to publish the notice, with Chair Khan and Commissioners Slaughter and Bedoya voting in favor and issuing separate statements. Commissioners Phillips and Wilson voted against publication and also issued separate dissenting statements. The following Monday, Commissioner Phillips announced he would be leaving the FTC this fall.
Last week, the UK Competition and Markets Authority (CMA) hosted its inaugural Data, Technology, and Analytics (DaTA) Conference.
The CMA DaTa Conference has been hailed as a milestone as it convened for the first time regulators, data scientists, engineers, tech companies, and academics to discuss evolving challenges in digital markets. The conference coincided with London Tech Week, during which Chris Philp, UK Minister for Tech and the Digital Economy, unveiled a new UK Digital Strategy: the UK government’s vision for regulating digital markets, involving a monitoring framework and outcomes-focused regulation. The government has opened a public consultation, and stakeholders have until September 5, 2022, to offer their views on the proposed approach.
Against this background, here is our selection of the top five trends that stood out over the course of the CMA DaTa Conference. (more…)
Connecticut has passed a new state data privacy law slated to go into effect on July 1, 2023. The law largely tracks other new state data privacy laws recently passed in Virginia and Colorado, but also includes several provisions that could impact compliance plans, including a new obligation to provide a mechanism for consumers to revoke their consent to the processing of their data. (more…)
*This article first appeared on Law360 on June 16, 2022
Pending lawsuits against Google LLC illustrate how regulators and plaintiffs lawyers are increasingly wielding a dark patterns theory in challenging companies’ practices involving consumers.
The attorneys general of Washington, D.C., Washington state, Texas and Indiana all filed complaints against Google, alleging that the company tricks consumers into providing their location data, on Jan. 24. (more…)
Algorithms touch upon multiple aspects of digital life, and their use potentially falls within several separate – though converging – regulatory systems. More than ever, a ‘joined up’ approach is required to assess them, and the UK’s main regulators are working together to try to formulate a coherent policy, setting an interesting example that could be a template for global approaches to digital regulation. (more…)