Showing Posts In "Data Protection and Privacy" Category
Texas Enacts AI Consumer Protection Law
On June 22, 2025, Texas Gov. Greg Abbott signed House Bill 149, establishing the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), effective Jan. 1, 2026. TRAIGA prohibits AI systems that incite harm, infringe constitutional rights, or unlawfully discriminate. It mandates disclosures for healthcare providers and government entities using AI, and it amends biometric data laws. […]
Oregon Amends Its Comprehensive Privacy Statute
Oregon’s recent amendment to its comprehensive privacy statute extends the statutory cure period to July 1, 2026, but this extension is limited to certain controllers, specifically noncommercial educational broadcast stations that receive funding from the Corporation for Public Broadcasting and distribute journalism content without cost. Additionally, the amendment introduces a new criminal offense for the […]
New Jersey’s Proposed Privacy Rules include Some Surprises
On June 2, 2025, New Jersey proposed regulations under the New Jersey Data Privacy Act, introducing several notable provisions. The rules require consumer consent before using personal data to train artificial intelligence, mandate detailed disclosures for profiling activities, and necessitate data inventory maintenance. Controllers must also ensure data rights request mechanisms are functional and obtain […]
Governor Signs Texas Responsible Artificial Intelligence Governance Act
On July 10, 2025, Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI) initiated a public consultation on the data protection-compliant handling of personal data in large language models (LLMs). The consultation seeks input from stakeholders in science, industry, and civil society to address issues such as anonymization limits, memorization of personal data, […]
Germany: BfDI Launches Public Consultation on Personal Data in AI Models
The Federal Commissioner for Data Protection and Freedom of Information (BfDI) in Germany has initiated a public consultation on anonymization practices under the General Data Protection Regulation (GDPR). The consultation aims to gather feedback from stakeholders to develop practical approaches for implementing anonymization techniques that align with GDPR requirements. This initiative reflects Germany’s commitment to […]
Financial institutions may rely on third parties for Social Security, Taxpayer Identification Numbers
On June 27, 2025, federal agencies issued an order allowing banks and credit unions to obtain customers’ Taxpayer Identification Numbers (TINs), including Social Security Numbers (SSNs), from third-party sources instead of directly from customers during account openings. This exemption from the Customer Identification Program (CIP) Rule aims to modernize compliance with the Bank Secrecy Act […]
EU EDPB and EDPS Issue Opinion on GDPR Simplification Proposal
On July 9, 2025, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued Joint Opinion 01/2025 on the European Commission’s proposal to amend the General Data Protection Regulation (GDPR).The proposal aims to simplify record-keeping obligations for small and medium-sized enterprises (SMEs) and small mid-cap companies (SMCs) by raising the employee […]
Data Protection Meets Consumer Protection: The Crucial Role of Clear Terms in Service Contracts
On June 10, 2025, the Finnish Data Protection Ombudsman ruled that processing personal data to enforce parking violations was unlawful because the rental agreement lacked provisions detailing such enforcement. This decision underscores the necessity for clear contract terms under both the General Data Protection Regulation (GDPR) and EU consumer laws, such as the Consumer Rights […]
CPPA to Hold Board Meeting on Proposed CCPA Regulations and DROP Requirements
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board held a public meeting to discuss proposed regulations under the California Consumer Privacy Act (CCPA) and the California Delete Act. The agenda included deliberations on updates to existing CCPA regulations concerning automated decision-making technology, risk assessments, cybersecurity audits, and insurance. Additionally, the board reviewed […]
Connecticut’s Recent Privacy Settlement Shows that Organizations Should Remain Cognizant of Privacy Law Obligations Outside of California
Connecticut’s first enforcement under the Connecticut Data Privacy Act (CTDPA) involved TicketNetwork, Inc., which failed to address deficiencies in its privacy notice and consumer rights mechanisms. Despite receiving a cure notice, the company did not resolve the issues within the mandated 60-day period. As a result, TicketNetwork agreed to pay an $85,000 fine and comply […]
SUBSCRIBE TO OUR NEWSLETTERS
The Global Background Screener
The Background Buzz!
(U.S. Background Screening
E-Magazine)