The Latest Privacy New for November 2023

We recently released a new episode of our podcast, Privacy Lawls, where we spoke with attorney Jody Westby about the differences between privacy and security. It is a must listen for anyone who is interested in what it’s like to work with the American Bar Association, how privacy and security differ, and what laws cover these fields. Check out the new episode here. We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field. 

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. White House rolls out comprehensive executive order on AI.  President Biden has issued a groundbreaking executive order on AI, prioritizing privacy, security, and non-discrimination. The order calls for comprehensive privacy legislation and demands that developers share safety test results with the government. It addresses AI’s impact on critical infrastructure and civil rights, protecting workers and encouraging U.S. competition through research resources and streamlined visa processes. Learn more here. 
2. Delete Act will allow California residents to delete personal information from data brokers’ records. The California Governor has signed the Delete Act (SB 362), granting residents the right to request the deletion of their personal data from all data brokers in the state. The law requires data brokers to register with the California privacy protection agency (CPPA) and establish a simple, free method for Californians to request data deletion. Non-compliance results in fines or penalties. The law aims to protect sensitive information but has faced opposition from advertising companies, claiming it could hinder their industry. Privacy advocates support the law for enhancing data privacy and transparency. Learn more here. 
3. Privacy and parental oversight laws likely violate the First Amendment. A federal judge in California has preliminarily blocked a state law aimed at regulating how social media and video game platforms treat minors, citing potential First Amendment violations. This ruling comes after similar lawsuits and temporary injunctions in Arkansas and Texas, where laws requiring age verification and content restrictions for minors were challenged. The battle between tech companies, free speech activists, and advocates for children’s online safety underscores the broader struggle to control internet regulations. The California case could set a precedent with far-reaching implications for tech regulations in other states. Learn more here. 
4. Google’s $23 million data leak settlement approved. A federal judge approves Google’s $23 million settlement for a 13-year-old class-action lawsuit involving leaked personal data via search queries. Learn more here. 
5. Meta seeks to block the FTC from updating its privacy agreement. Lawyers for Meta, which owns Facebook, Instagram, and WhatsApp, and the FTC are in dispute over the FTC’s plan to strengthen a 2019 privacy order. The FTC accused Meta of misleading parents about their control over their children’s contact in the Messenger Kids app and proposed tightening the privacy agreement to include a ban on making money from minors’ data. Meta argued against this, and a decision on the matter is expected before November 30. Learn more here. 
6. A view from Brussels: GDPR 2.0? The EU General Data Protection Regulation (GDPR) faces calls for revision, with increased complexity from other legislation like the Digital Markets Act. The European Commission is preparing for a comprehensive evaluation of the GDPR in 2024, looking beyond procedural harmonization and exploring broader amendments. Learn more here. 
7. 23andMe confirms data breach. The genetics testing company 23andMe issued a notice to customers to inform them that a breach of their “DNA Relatives” feature led to a leak of their data. A hacker advertised millions of pieces of data stolen from the company in an online forum. The company stated that it is temporarily disabling the “DNA Relatives” feature to protect user privacy. Read more here. 
8. The Privacy Commissioner of Canada recommends updating privacy laws to safeguard children. The Commissioner stated that it is important to ensure that children can navigate the online world without risk to their fundamental right to privacy. The Commissioner stated that Canada’s federal privacy law, PIPEDA, should be modernized to protect the privacy and best interests of children. Learn more here. 
9. Italy’s Data Protection Authority fines utility company 10 million Euros for GDPR violation. The fine stemmed from consumer complaints that the utility company processed out of date personal information which was then used to activate unsolicited contracts. The DPA found that the company illegally processed the personal data of more than 5,000 individuals. Learn more here. 
10. Pew Research finds that 81% of US adults are concerned about how companies use the data they collect about them. The study also find that 67% of US adults have little to no understanding about what companies do with the data they collect about them and that 76% of Americans believe that companies should not be allowed to sell users’ personal data to others without consent. Learn more here. 

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

• Georgia – GA HB798;
• Hawaii – HI SB1110/HB1497;
• Hawaii – HI SB 974;
• Illinois – IL HB3385;
• Indiana – IN HB 1554;
• Iowa – IA House File 2506;
• Iowa – IA House Study Bill 12;
• Kentucky – KY S 15;
• Louisiana – LA SB199;
• Maine – ME SB807;
• Maine – ME HB1270;
• Maryland – MD HB807;
• Massachusetts – MA HD2281/SB745;
• Massachusetts – MA HD3263/SD1971;
• Mississippi – MS SB 2080;
• Minnesota – MN SF950;
• New Hampshire – NH SB255;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• New Jersey – NJ S 332;
• New Jersey – NJ A505;
• New Jersey – NJ A 1971;
• North Carolina – NC SB525;
• Oklahoma – OK HB1030;
• Pennsylvania – PA HB708;
• Pennsylvania – PA HB1201;
• Washington – WA HB1616;
• West Virginia – WV HB3453;
• Vermont – VT HB121

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. Navigating the AI frontier: a guide for bar leaders – November 15, 2023; 
2. Coming soon to a state near you: evolving US privacy requirements and practical tips – November 16, 2023; 
3. Privacy and access at a turning point: looking forward to 2026 – November 30, 2023.

If you’ve made it this far, you may be as into privacy as we are. If that’s the case, be sure to subscribe to our podcast, Privacy Lawls, where we have fun chatting with some of the biggest names in privacy!