Privacy Law Section

The past couple of years have seen significant technological advancements in artificial intelligence (“AI”) and legal developments applicable to organizations that develop and deploy (i.e., adopt and use) AI. This article outlines examples of developments related to privacy law and AI at the U.S. federal and California state level and examines at a high level some privacy issues that organizations should consider before developing or deploying generative AI (“GenAI”) tools, which are a subset of AI technologies that generate new content in response to a user instruction or prompt. Read more

We are thrilled to present to you a collection of commentary on today’s most timely and impactful privacy issues from top esteemed experts in our field. In this inaugural print publication of the California Lawyer Association’s Privacy Law Section, we ambitiously cover topics ranging from generative AI to consumer health data privacy to ad tech and privacy litigation trends. We have also included a comprehensive guide to building an international privacy compliance program, and an inspiring interview with Lydia F. de la Torre, one of the five members of the Board of the California Privacy Protection Agency (CPPA). Read more

It is my distinct pleasure to welcome you to the Privacy Law Section’s first Journal. When our Section was formed several years ago, we set out a list of accomplishments we hoped to achieve. You are holding in your hands the end result of one of our more ambitious goals, a print publication that facilitates dialogue and thought leadership in the emerging area of Privacy law. And yet, our first publication could not be more timely. Since the inception of our Section, approximately twelve states have enacted comprehensive privacy laws, the U.S. and the E.U. have agreed on a major new data transfer program, reproductive health data became evidence for prosecutions in several states, there has been increased awareness of the detrimental effects of social media on teen mental health, dramatic developments in artificial intelligence have reinvigorated concerns over systematized biases, and yes, there was a major pandemic that pushed the social and work lives of millions of people online, exposing our data to countless malefactors. Clearly the need for Privacy professionals is at an all-time high. Read more

If you’ve been wondering, the rumors are true… The 2024 Privacy Summit was a huge hit, and we have the photos to prove it! Check out these photo galleries: Day One Day Two Read more

The EU Artificial Intelligence Act (AI Act) will be the first comprehensive legislation to regulate AI broadly in Europe and beyond. Read more

Canada’s Artificial Intelligence Data Act (AIDA) was introduced as part of Bill C-27 in June 2022 but will not likely be in force until 2025. While there are obvious challenges in establishing regulations for rapidly and perpetually evolving technology, privacy authorities in Canada saw a need to provide some immediate direction about generative AI in particular. Read more

By Jonathan Tam A patchwork of online privacy laws accord special protections to children and teenagers in California, and the regulatory landscape is quickly evolving. At the federal level, the Children's Online Privacy Protection Act ("COPPA") and related regulations govern the online collection, use, disclosure and other processing of personal information from children under 13. COPPA only applies to operators of online services that are directed to children and operators that have actual knowledge that they process personal information from… Read more

By Kate Aishton The FTC’s proposed updates for the Children’s Online Privacy Protection Act hit the Federal Register on January 11, starting the clock on its 60-day comment period. The Notice of Proposed Rulemaking for COPPA does not impact the underlying law but provides updated implementation and enforcement guidance while COPPA 2.0 and the Kids Online Safety Act, two legislative efforts for updating the now 25 year old law, remain blocked in Congress. Several changes promise big impacts for companies… Read more

The  civil action taken by the Security Exchange Commission (SEC) against SolarWinds and its Chief Information Security Officer (CISO) underscores the evolving landscape of liability concerns for CISOs. In the October 2023 suit filed in New York federal court, the SEC charged SolarWinds with failing to disclose the company’s cybersecurity weakness during a massive hack in its supply chain to investors. Read more

In 2018, Interactive Advertising Bureau Europe (IAB Europe) released the Transparency and Consent Framework (TCF) to provide guidance to parties in the digital advertising chain regarding compliance with GDPR and the ePrivacy Directive when obtaining and managing user consent for online advertising purposes.  Read more