Privacy Ghost of Christmas Past: Sectoral laws

The US Privacy Scene has been regulated by Federal Sectoral laws:

Financial data:
» GLBA, FCRA: If you are a financial institution.
» Enforced by FTC and CFPB
» CFPB has been very vocal: expanding the scope of credit reports to AI for employees; chatbots; unfair and deceptive for pricing; surveillance

Health Data: HIPAA BUT
» HIPAA is strictly enforced for security and privacy (new OCR Notice of Proposed Rulemaking issued)
» Big fines for breaches
» Recent focus on trackers and cookies; even unauthenticated
» Focus on reproductive info - new amendment requires oversight of data sharing

Kids data (on federal level)
» Children's information is a big point of focus among all regulators.
» COPPA - strictly enforced by FTC and will continue
» Multi-million-dollar fines
» Includes third party trackers
» Targeted to kids (but also teens)
» Scope expanding into teens - KOSA and COPPA 2.0 likely to pass

Kids data (on state level)
» State laws: mostly under 13; considered sensitive (i.e., consent; DPIA)
» New AADC type laws in MD and CT - require detailed disclosure and DPIA + apply to "likely to be accessed by under 18s".
» Colorado on Minor's information and here

Biometric data - BIPA, CUBI
» Laws requiring consent; written authorization (see: here)
» High fines
» Apply to service providers too

Federal Privacy Law:
» TBD but not likely in 2025; new FTC Commissioner supports it
» Two attempts: ADPPA (here and here) and APRA