Year: 2023

News

The Consumer Financial Protection Bureau (“CFPB”) proposed the Personal Financial Data Rights rule to give people a legal right to give third parties access to their data related to their credit card, checking, prepaid, and digital wallet accounts. This change will allow people to switch service providers and manage multiple accounts without paying junk fees or permitting risky methods of data collection. 

The French Data Protection Authority (“CNIL”) published a set of guidelines in the form of AI how-to sheets addressing compliance with personal data regulation, including the GDPR, while developing AI systems. The guidelines are intended to provide greater legal certainty to relevant parties. 

New attorneys for the Fugees rapper, Pras, filed a motion for a new trial on the grounds that his previous defense attorney was ineffective because the attorney used an “experimental” Generative AI program to help him write the closing argument and it caused mistakes. 

PEW Research published a report on a survey about Americans views on data privacy. Key highlights include:

• American adults are concerned about and don’t understand how companies and the government use the data they collect. The percent has increased for Republicans responding to the poll
• Americans don’t trust companies to use AI responsibly and worry that use of AI for data collection and analysis will result in unintended consequences and uses people would not be comfortable with
• Americans feel their privacy choices don’t really matter
• There is bipartisan support for increased regulation of company’s use of personal data

The New York Court of Appeals ruled that independent oversight agencies, the Commission on Forensic Sciences and the DNA Subcommittee, had the authority to promulgate a regulation that permits law enforcement to request a familial DNA search of the state DNA Databank — which stores genetic information of New Yorkers convicted of certain felonies — when an initial search results in no match or a partial match. NY Court of Appeals Decision.

(Compiled by Student Fellow Lindsey Schwartz)

News

The Biden-Harris Administration issued a landmark executive order entitled “Safe, Secure, and Trustworthy AI.” The order aims to standardize federal procurement of AI, and to lay out the groundwork for establishing new standards for AI safety and security. The order proposes several key measures, including requiring agencies to work with NIST to develop responsible AI testing frameworks and guidances, requiring developers of powerful AI systems to share their safety test and performance results with the government, requiring agencies to evaluate how commercially available PII is collected (including from data brokers), and directing agencies to investigate civil rights violations and unlawful discrimination practices enabled by AI tools.

The European Data Protection Board (EDPB) adopted a final ban on Meta’s data processing for behavioral advertising across EU member states and European Economic Area countries. This decision follows a petition from the Norwegian Data Protection Authority urging the EDPB to extend and make permanent their own previously-issued interim ban in Norway. In effect, the EDPB decision clarifies that Meta’s subscription-based consent model does not provide a valid legal basis for its behavioral advertising practices under GDPR.

A bipartisan coalition of 42 U.S. attorneys general across the nation filed suit against Meta in federal and state courts, claiming that Meta’s business practices violate state consumer protection laws and the federal Children’s Online Privacy Protection Act (COPPA). The suit alleges that Meta knowingly designed and deployed features on Instagram and other social media platforms that purposefully harm children’s mental health, while falsely assuring the public that these features are safe and suitable for young users. 

The U.S. Supreme Court will hear arguments in a series of cases concerning state action and constitutional free speech on social media platforms. The cases will examine whether public officials can constitutionally block their constituents on social media, whether social media content moderation laws originating in Texas and Florida violate the First Amendment, and whether the Biden administration’s and social media companies’ joint efforts to curb misinformation online — particularly regarding the COVID-19 vaccine — constitutes censorship by the government. 

The U.S. Securities and Exchange Commission announced charges against SolarWinds Corporation, a Texas-based software company, for defrauding securities investors. The SEC alleges that SolarWinds’ public statements on their website regarding their cybersecurity practices were overstated and at odds with multiple internal assessments, which identified specific and known deficiencies in their cybersecurity practices. 

The G7 reached an agreement on a set of International Guiding Principles on Artificial Intelligence (AI) and a Code of Conduct for AI developers. The voluntary Guiding Principles are intended to help organizations mitigate the risks and potential misuses of AI systems. The Code of Conduct is intended to provide detailed and practical guidance for developers of AI. Both documents are intended to be living and voluntary, to be updated and reviewed as necessary to stay responsive to developments in AI technology. 

(Compiled by Student Fellow Jennifer Kim)

News

California governor Gavin Newsom signed the Delete Act, which requires data brokers to register with the California Privacy Protection Agency (CPPA) and charges the CPPA with developing a one-stop-shop deletion mechanism for consumers to request the deletion of their data held by registered brokers.

Clearview AI successfully appealed a multimillion-pound fine imposed last year by the UK Information Commissioner’s Office, which a court found to lack jurisdiction, as since 2020 Clearview has only accepted law enforcement agencies or national security bodies as clients.

Google is hosting a discussion on potential new protocols that could be used to allow online creators to prevent the inclusion of their data in AI training datasets. 

Meta released a new product allowing users to talk to AI chatbots, many using the likenesses of partner celebrities.

Events

The Journal of Legislation and Public Policy is hosting a symposium (co-sponsored by PRG) on Monday, Oct. 23, about the legal and policy challenges surrounding telehealth. RSVP here.

The Information Law Institute is hosting a symposium on Thursday, Oct. 26, discussing the recent slate of child privacy laws restricting youth access to social media and the internet. RSVP by emailing ILIChildPrivacyRSVP@gmail.com.

(Compiled by Student Fellow Stephanie Chen)

News

In September 25, it was reported that a Chinese programmer had been administratively punished for more than 1 million RMB (approximately 145000 USD) due to his illegal use of VPN and illegal access to the global internet. It is by far the heaviest punishment on the illegal access to global internet issue in China, and the case is still appealable to he higher up administrative department and to the court.

The Federal Court of Canada decided in a right to be forgotten case that Canada’s Private Sectoral Data Protection Law applied to Google’s search results on individuals.

It was reported that there was a large-scale data breach in 23andMe user data, at least a million data points from user accounts were compromised. The majority of victims were of Chinese or Ashkenazi Jewish descent.

Events

On Monday, Oct. 16, The Cardozo FAME Center and Cardozo Entertainment Law Society will be conducting an event called “The Future of Entertainment: AI Takes the Stage”, where a panel of entertainment lawyers and scholars will explore how artificial intelligence is revolutionizing the entertainment industry. The event will be held on Zoom during 06:00 PM – 07:30 PM, and interested attendees can receive the link via email after registering for the event. https://cardozo.yu.edu/events/future-entertainment-ai-takes-stage.

R/T organized a virtual talk on Friday, October 13, from 11:30 to 12:30 pm with Harry Brignull. RSVP at https://docs.google.com/forms/d/e/1FAIpQLSdhjiPVw8M5bOGR8tlzbjxKXfnu12brSu2LIzFsFXZsAbMv6Q/viewform?usp=sf_link.

(Compiled by Student Fellow Jerry Wu)

News

The Canadian Federal Court of Appeal has confirmed that Canadian citizens have the “right to be forgotten” online. In a 2017 case, a man complained that Google violated Canada’s privacy law by displaying outdated and sensitive information about him in search results. The court ruled that Canada’s privacy law applies to Google when indexing web pages and displaying search results linked to individuals’ names.

The Supreme Court has granted cert in cases related to social media censorship laws originating from Texas and Florida. These cases will examine whether such laws raise First Amendment concerns.

In the context of the antitrust proceedings against Google, the CEO of Microsoft provided testimony in Washington, D.C., underscoring the competitive challenges his company encounters due to Google’s significant market dominance.

In connection with the Google antitrust proceedings, it was revealed during a testimony that Google modifies the search terms entered by users to generate results that are more commercially oriented.

Meta Platforms is considering introducing ad-free subscription plans for European users, with a 10 euro per month option being the most likely. This move is driven by the need to adhere to European Union regulations that restrict personalized ads without user consent, which could impact Meta’s primary revenue source. Additionally, for mobile users, the cost may increase to approximately 13 euros due to commissions from Apple’s and Google’s app stores.

China appears to be undergoing a significant shift in its approach to data flow regulation, moving away from the previous practice of conducting security assessments on a case-by-case basis. As a result of this change, numerous businesses will no longer be subject to stringent data transfer restrictions.

Recently the Privacy and Civil Liberties Oversight Board, the PCLOB, released a report on Section 702 of FISA regarding suggested reforms as Congress considers reauthorizing it. The report proposes several key measures, including the necessity for the government to obtain individualized judicial authorization prior to conducting searches on private communications. It also suggests the establishment of clearly defined surveillance objectives deemed lawful, prohibiting the NSA from reinstating data collection without Congressional approval, and implementing an array of privacy oversight and transparency initiatives for assessment reports.

Events

On Weds., Oct. 11, Professor Angela Zhang will present “The Paradox of Chinese AI Regulation: Too Little and Too Much?”, a talk about China’s AI governance regulations and strategies. Professor Benedict Kingsbury will moderate. The event will take place from 5:00 to 6:30pm EST at NYU’s Vanderbilt Hall in Room 216, with a Zoom link available for remote attendees. Professor Zhang’s second book, “High Wire: How China Regulates Big Tech and Governs Its Economy,” is set to be released in Spring 2024.

ILI is hosting on children’s online privacy and the new regulation that’s happening in that area.

(Compiled by Student Fellow Inbar Cohen)

News

The Federal Trade Commission and 17 attorneys general launched a lawsuit against Amazon alleging the company exercises illegal monopoly power through anti-competitive strategies like anti-discounting measures and biasing search results toward Amazon’s own products. The lawsuit seeks a permanent injunction that would bar Amazon from engaging in the practices the suit identifies as unlawful.

The NYPD is piloting a program for robots to provide New York subway patrol services over the next two months. The robots will be accompanies by human police officers during the pilot period.

Regulators in the United Kingdom recently confirmed it will proceed with a “U.K.-U.S. data bridge” that will ensure any data regarding U.K. citizens shared with U.S. data processors will be covered by the U.K.’s data protection regime.

Poland’s Personal Data Protection Office (UODO) is investigating OpenAI over concerns ChatGPT violates the GDPR’s personal data processing provisions.

A ChatGPT mobile upgrade allows users to speak queries to a chatbot that will respond with its own synthesized voice, and to upload photographs for which the app can provide descriptions in response.

Indonesia has banned e-commerce transactions on social media platforms in an effort Indonesian Trade Minister Zulkifli Hasan indicated was an attempt to generate more “fair and just” business competition. The ban is predicted to impede TikTok’s efforts to grow in Southeast Asia.

A former engineer at Apple recently identified a security flaw with the company’s “Find My” feature, as contacts blocked by an Apple user could share their location with the user as a means of harassment and even reactivating their ability to message the user. Apple fixed the flaw and thanked the engineer.

Microsoft is exploring the use of nuclear reactors as a means of powering its data centers.

Tinder is offering a $499/month invite-only subscription program, “Tinder Select,” through which subscribers can directly message other users, including ones with whom they are not already matched.

Events

On Weds., Oct. 11, Professor Angela Zhang will present “The Paradox of Chinese AI Regulation: Too Little and Too Much?”, a talk about China’s AI governance regulations and strategies. Professor Benedict Kingsbury will moderate. The event will take place from 5:00 to 6:30pm EST at NYU’s Vanderbilt Hall in Room 216, with a Zoom link available for remote attendees. Professor Zhang’s second book, “High Wire: How China Regulates Big Tech and Governs Its Economy,” is set to be released in Spring 2024.

The Third Annual Cybersecurity Law and Policy Scholars Conference is taking place this weekend at the Fletcher School of Law & Diplomacy at Tufts University.

NYU hosted a symposium titled Critical Stances Toward AI: For a Critical and Self-Determined Approach to Digital Technology this past week. The Weizenbaum Institute sponsored the symposium in honor of its late namesake, Joseph Weizenbaum.

(Compiled by Student Fellow Cooper Aspegren)

News

On September 19, UK passed the Online Safety Bill  which sets new and tougher duties on social media platforms seeking, among other things, children’s protection and safety.

A federal judge granted a preliminary injunction and blocked enforcement of California Age-Appropriate Design Code Act on First Amendment grounds.

Amazon announced the launch of “Eye Gaze”, a new Alexa feature to support users with mobility or speech disabilities. 

Privacy class action claim against Open AI was dropped.

Fiction authors filed a class action lawsuit in SDNY against Open AI for IP infringement in training their models. (SDNY Docket No. 1:23-cv-8292)

The Irish Data Protection Commission fined TikTok for violations to the GDPR, in particular to provisions protecting minors.

Events

The Information Law Institute (ILI) is co-sponsoring an in-person event on October 26 which will focus on children’s privacy. 

(Compiled by Student Fellow Valentina Salas)