Privacy and Data Privacy News for July 2024

It’s been a busy month for privacy.

We interviewed Mary Engle, the Executive President of Policy at BBB National Programs on Privacy Lawls. During the podcast episode, we discussed the privacy harms that are caused by dark patterns and how dark patterns trick consumers. Listen to the episode here.  We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field!

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. Texas and Oregon privacy laws go into effect. On July 1, 2024, two new privacy laws went into effect – the Texas Data Privacy and Security Act and the Oregon Consumer Privacy Act. These privacy laws provide rights to residents of each state to help them protect their privacy and require businesses to make updates to their Privacy Policies. If you have not updated your answers to the Termageddon Privacy Policy questionnaire, please make sure to do so as soon as possible. Read the Texas Data Privacy and Security Act Compliance Guide and the Oregon Consumer Privacy Act Compliance Guide. 
2. American Privacy Rights Act review canceled. The House Energy and Commerce Committee has canceled a planned markup of the American Privacy Rights Act, a proposed federal privacy bill. If passed, the bill would provide privacy rights to Americans and would require certain companies to respect such rights and meet other privacy requirements. However, the bill is facing opposition and is currently failing to progress forward. Learn more here.
3. Governor of Vermont vetoes privacy bill.  Vermont’s proposed privacy bill, which would have provided residents of the State with privacy protections and even allowed consumers to sue businesses directly for violations, has been vetoed by the Governor of Vermont. The Governor stated that the passage of the bill would have made the State unfriendly to businesses and would negatively impact mid-sized and small businesses. Learn more here. 
4. Meta pauses AI training on EU user data. Meta has announced that it will delay the use of large language models on public content for training purposes following a request from the Irish Data Protection Commission. Meta planned to rely on the “legitimate interests” legal basis instead of consent to use data to train its AI. This development comes as NOYB filed a complaint in 11 EU countries alleging violations of GDPR due to the use of data in training AI technologies. Read more here. 
5. FTC refers a complaint against TikTok to the Department of Justice. The FTC stated that it has referred the complaint due to potential violations of the FTC Act and the Children’s Online Privacy Protection Act. Read more here. 
6. Clearview AI settles privacy lawsuit. Clearview AI reaches a settlement in an Illinois lawsuit alleging that its photographic collection of faces violated privacy rights. The settlement is estimated to be worth more than $50 million. Learn more here. 
7. Wells Fargo fires staff for using a “mouse jiggler” tool. Wells Fargo has fired more than a dozen employees for using tools that move a computer mouse to create the impression of active work. This action spurred a conversation over the monitoring and surveillance of employees at work. Read more here.
8. BIPA amendments pass. The Illinois legislature has passed amendments to the State’s Biometric Information Privacy Act. The amendments change BIPA violation accrual so that each initial collection of biometrics amounts to one violation, rather than a violation occurring for each individual scan. In addition, the amendments allow consent to be obtained via an electronic signature. Read more here.
9. Arkansas sues Temu over alleged privacy violations. The lawsuit claims that Temu’s apps are designed to gain access to a user’s devices and override their privacy settings. Learn more here. 
10. Canada’s Privacy Commissioner announces investigation into 23andMe breach. During the IAPP Canada Privacy Symposium 2024, the Privacy Commissioner of Canada announced that he will be opening an investigation into the 2023 data breach of the company 23andMe. The investigation will be conducted jointly with the UK Information Commissioner’s Office. Learn more here. 

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

• Georgia – GA HB798;
• Georgia – GA S473;
• Hawaii – HI SB1110/HB1497;
• Hawaii – HI SB 974;
• Hawaii – HI S 3018;
• Illinois – IL HB3385;
• Illinois – IL SB3517;
• Kentucky – KY S 15;
• Kentucky – HB24;
• Louisiana – LA HB947;
• Massachusetts – MA HD2281/SB745;
• Massachusetts – MA HD3263/SD1971;
• Massachusetts – MA HD3245
• Michigan – MI SB659
• Minnesota – MN SF950;
• Minnesota – MN HB2309;
• Nebraska LB 1294;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• North Carolina – NC SB525;
• Oklahoma – OK HB1030;
• Pennsylvania – PA HB708;
• Pennsylvania – PA HB1201;
• Pennsylvania – PA HB1947;
• Rhode Island – RI H7787;
• Vermont – VT HB121
• Vermont – VT SB 269
• Washington – WA HB1616;
• West Virginia – WV HB5112;

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. Data Governance: Operational controls to protect personal information – July 4, 2024; 
2. Privacy as Property: Useful framework or dangerous heresy? July 10, 2024; 
3. Selling and Sharing Practices Under the CCPA/CPRA – July 15, 2024.

Can’t get enough of privacy news and stories? You can check out the Termageddon blog here or our podcast, Privacy Lawls.