Hello all, and happy Thursday!
If you’ve been paying attention to political news in the US, then you’ve no doubt heard about the difficult legislative journey facing the most recent budget reconciliation bill. It’s passed the House and now faces the Senate, where some of its provisions have come under closer scrutiny.
One of those provisions is a proposed state-level ban on the passage and enforcement of AI regulations.
Your first reaction might be, “Well, that’s not a good idea.” Your next might be relief that even if this provision passes, at least data privacy laws’ requirements around automated decision-making technology would still apply. Unfortunately, the second half of the provision—the ban on the enforcement of AI regulations—would mean existing laws would not apply. That likely includes current US data privacy regulations.
Keep an eye on this one! Data privacy and AI regulation in the US could look very different if it passes.
Best,
Arlo
Miss our webinar on how legal experts and privacy professionals can become privacy enablers? Don’t worry—the recording is available, free and ungated, here.
Data privacy is constantly changing, and that goes double for enforcement. Businesses should stay aware of these current, relevant enforcement trends in order to avoid attracting regulatory attention.
If you're in risk management, you sit at the intersection of privacy, security, and compliance. It's a juggling act, and data privacy is just one ball in the air. Learn how you can make data privacy management a cornerstone of your risk management strategy and one less thing to worry about in our upcoming webinar.
Save Your Seat | June 18
The Texas House has given final approval to one of the most closely watched artificial intelligence bills of the year, potentially providing a roadmap for other red states. The vote Friday came despite a looming threat that Congress could preempt enforcement of state-level AI regulations for the next decade as part of the federal budget reconciliation bill. Now, the bill awaits Governor Abbot’s signature.
Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it's investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.
The inclusion of a proposed 10-year moratorium on state-level artificial intelligence law enactment and enforcement in the US Congress' reconciliation bill enjoyed narrow but mostly uncontentious support when it passed the House of Representatives on 22 May. There are growing indications the moratorium will not encounter the same smooth sailing in the Senate, which is scheduled to take up its reconciliation work over the coming weeks.
Recently, a coalition of state attorneys general and privacy regulators from California, Colorado, Connecticut, Delaware, Indiana, New Jersey, Oregon, and the California Privacy Protection Agency (CPPA) announced the formation of the "Consortium of Privacy Regulators." This bipartisan initiative aims to coordinate regulatory priorities, share expertise and resources across jurisdictions, and align privacy enforcement actions as U.S. state data protection law enforcement intensifies.
German data privacy regulators recently fined the multinational telecommunications company Vodafone €45 million ($51.2 million) for what authorities called “malicious behavior” by third-party sales agents and for security flaws in its authentication processes.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!