On May 16, 2024, the U.S. Securities and Exchange Commission finalized amendments to Regulation S-P (the Amendments) that largely adopt the proposed amendments the SEC issued in 2023. As discussed in further detail below, the Amendments will require broker-dealers, investment companies, SEC-registered investment advisers, funding portals, and transfer agents registered with the SEC or other
Personal information
Feb. 27 EVENT | U.S. Consumer Health Data Privacy Laws in 2024: Washington’s My Health My Data Act and Related State and Federal Developments
Greenberg Traurig Data Privacy & Cybersecurity attorneys Gretchen Ramos, Darren Abernethy, and Zachary Schapiro will present the CLE webinar, “U.S. Consumer Health Data Privacy Laws in 2024: Washington’s My Health My Data Act and Related State and Federal Developments,” Tuesday, Feb. 27, 2024. State legislatures and the Federal Trade Commission have begun…
CFPB Issues Proposed ‘Personal Financial Data Rights’ Rule
On Oct. 19, 2023, the CFPB released a proposed rule that, if finalized in its present form, would require covered financial institutions to provide consumers and authorized third parties with access and portability options for their financial data. The CFPB’s proposed rule, called the “Personal Financial Data Rights” rule, would implement Section 1033 of Title…
Under the GDPR, is an organization required to distribute its privacy notice to every individual whose information is included in an AI prompt?
Not necessarily.
Under the GDPR, controllers are required to provide information relating to what personal data they process, and how that processing takes place.
If the personal data the organization includes in AI prompts has been collected directly from individuals, those individuals should be provided with a copy of the organization’s privacy notice “at the…
Under the GDPR, what information should an organization that transmits personal data in AI prompts put in its privacy notice?
Under the GDPR, controllers are required to provide individuals with information relating to what personal data is processed, and how that processing takes place. Some supervisory authorities have specifically taken the position that organizations which use personal data to train an artificial intelligence (AI) must draft and publish a privacy notice that provides “data subjects…
Under the GDPR, what lawful purposes can an organization rely upon when using personal information to train an AI?
Data is typically needed to train and fine-tune modern artificial intelligence (AI) models. AI can use data—including personal information—to recognize patterns and predict results.
The GDPR permits controllers to process personal information if one (or more) of the following six lawful processing purposes applies:[1]
- Consent. A company may process personal information if it collects
The Polar Paradox: When Legal Compliance Meets User (and The Joe Rogan) Experience
When Implementing New Privacy Requirements, Don’t Forget User Perception
Recent events involving famous podcaster and comedian Joe Rogan and fitness device company Polar are a lesson in the delicate balancing act businesses face between privacy compliance and a positive user experience.
A Backdrop of New Privacy Norms
Considering new and stringent privacy regulations, companies are…
What is ‘publicly available information’ under the state privacy laws?
Most modern U.S. state data privacy laws exempt from their definition of personal information “publicly available information.” What constitutes publicly available information differs between state privacy laws and may not correlate to the lay definition understood by many businesses and individuals. For example, while some businesses may consider information that is available on the internet…
Update: Processing Sensitive Personal Information under U.S. State Privacy Laws
As of now, 12 states (CA, CO, CT, DE, IA, IN, MT, OR, TN, TX, UT, and VA) have passed comprehensive privacy laws that are in effect (CA, CT, CO, and VA), or are about to go into effect sometime soon (DE, IA, IN, MT, OR, TN, TX, and UT). If any of these laws…
Under modern US privacy laws, is an organization required to distribute its privacy notice to every individual whose information is used to train an AI?
Probably not.
Under the European GDPR, if the personal information that an organization is going to use as part of training an AI has been collected directly from individuals, then those individuals should be provided with a copy of the organization’s privacy notice “at the time when personal data are obtained.”[1] If the personal…