Month: March 2023

News

The FTC is currently seeking comments on the market impacts and competitive dynamics of cloud computing.

The FTC has published a post on chatbots and deceptive AI-generated content.

More than one thousand AI experts have called for a pause on AI experiments. The NY Times reports on their open letter here.

Relatedly, the Center for AI and Digital Policy has submitted a complaint to the FTC regarding OpenAI.

The decision in recent case Hachette v. Internet Archive will have important implications for library lending and digital first sale generally.

The UK government has issued its new policy on AI, “A pro-innovation approach to AI regulation.”

In the Netherlands, the District Court of Amsterdam has issued a landmark decision against Facebook for certain data collection practices.

There have been updates concerning the European Data Act proposal, which addresses questions of data portability not just regarding personal data but non-personal data as well.

The European Commission has announced new guidelines on exclusionary conduct, aiming to improve overall economic competition and benefit European consumers.

Events

Elettra Bietti and others are organizing an event on different regulatory approaches to digital power and digital markets. If anyone is interesting in attending or receiving more information, please email Bietti at eb4166@nyu.edu.

Next week, the Guarini Colloquium will host Alexandre De Streel to speak on EU platform laws. The event will be held on Monday, April 3 from 4:45 to 6:45.

The Information Society Project at Yale Law School is hosting a conference from March 31^st to April 1^st called “Data (Re)Makes the World.” 

(Compiled by Student Fellow Kiana Boroumand)

News

Deep fake images of Donald Trump being arrested have widely circulated on Twitter and other social media.

Tiktok updated its rules and standards for content after facing the western pressures of a ban.

OpenAI has released GPT4, an updated version of its text generating AI program. Other tech actors such as Microsoft have also dived into the AI text generated activity with programs such as Bing Chat.

Lawmakers in the UK have introduced a new version of GDPR.

Utah passed a sweeping law to limit teen social media access. According to that new law, among other things, social media have to provide parents with passwords to allow them access to the social account of their children.

Events

March 24, 2023: DreyFEST Tickets, New York | Eventbrite 

DreyFEST is the Engelberg Center on Innovation Law & Policy (NYU School of Law) celebration of the career of Professor Rochelle Dreyfuss.

Papers

“Innovation Protection for Platform Competition.” by David Stein. This paper discusses the concentration of power in the digital platform industry and posits that the proposed remedies by the regulators to counteract concentration may inadvertently exacerbate it.

(Compiled by Student Fellow Kevin Xhebexhia)

Events

Law and Political Economy: Labor, Social Control, and Counterpower

This conference will take place from March 31 to April 2, 2023, at Harvard Law School in Cambridge, Massachusetts. It will feature several panels on technology. If interested, please contact Elettra Bietti for more information. 

News

NYC Mayor Eric Adams put forth a guidance calling members of the public to “lower their face masks to reassure store workers they’re not criminals.” This policy elicited a considerable stir among the community, as it implicated not only public health concerns but also issues of privacy—given Adams’ rationale that removing face masks would afford a better chance for security cameras and law enforcement to “identify criminals.” Against the backdrop of this contention, this policy choice raises serious questions about surveillance, identification, and their discriminatory impact on communities of color. 

The FTC is scaling up its efforts to investigate Twitter’s data and privacy practices, focusing on “whether Twitter has adequate resources to protect its users’ privacy after mass layoffs and budgets cuts” ordered by Elon Musk. As a part of its investigation, the commission is seeking an interview with Musk. FTC is one of a handful enforcement agencies that began scrutinizing Twitter after Musk took over leadership. In response to criticism that the FTC was launching an aggressive campaign to harass Twitter, FTC spokesman Farrar countered that “protecting consumers’ privacy is exactly what the FTC is supposed to do.” 

Gigi Sohn, President Biden’s nominee to the FCC, has withdrawn her nomination. Sohn was re-nominated as the third Democratic commissioner at the start of this Congress, after a party-line split on her nomination last year. Her withdrawal comes after a string of opposition to her nomination to the post, including Senator Manchin who announced that he would vote “no” over “years of partisan activism” and Sohn’s alleged alignment with the movement to defund the police and limit police surveillance tools. 

The FTC has proposed banning BetterHelp, Inc., an online counseling service, from “sharing consumers’ health data, including sensitive information about mental health challenges” for targeted advertising. This proposed order also requires BetterHelp to pay $7.8 million for charges revealing that the company shared consumers’ sensitive mental health data with third parties such as Facebook and Snapchat, despite promises of data confidentiality. For further discussion, see the following paper by Joanne Kim, also linked under “Papers” below: Data Brokers and the Sale of Americans’ Mental Health Data. 

Digital payment systems have taken hold of about 99% of the adult population in India, who have adopted a biometric ID number. Deep-rooted reliance on this digital infrastructure intensified in light of the pandemic, as the Indian government “used ID numbers to manage the world’s largest vaccination drive and deliver financial aid.” This trend proves a salient behavioral shift in what was primarily a cash-driven economy.  

The education ministry of Poland has announced its plan to mandate annual physical fitness tests in schools for children in ages 10 and upwards. This proposal will be followed by the aggregation of resultant data in a national database called Sportowe Talenty (Sporting Talents), administered by the sports ministry. In addition to the Institute of Sport, this database will be analyzed and results shared with relevant ministries to inform policymaking in Poland. 

Papers

Data Brokers and the Sale of Americans’ Mental Health Data by Joanne Kim – This paper discusses in depth the sale of sensitive mental health data in the context of the data broker industry and calls for clearer policies for consumer privacy protections in the U.S. 

“Provable Copyright Protection for Generative Models” by Boaz Barak – This post introduces a paper providing “a formalism that enables rigorous guarantees” on the similarity and lack thereof between “the output of a generative model and any potentially copyright data in its training set.” The research uses both language (transformer) and image (diffusion) models to build algorithms that can provide a training pipeline with minimal degradation in efficiency and quality of output. If interested in further discussion, please reach out to mimee@nyu.edu. 

(Compiled by Student Fellow Stephanie Shim)

On February 28, the FTC and CFPB jointly issued a request for information seeking public input about background screening processes in the rental housing market. The agencies are interested in receiving comments regarding the use of “algorithms, automated decision-making, artificial intelligence, or similar technology . . . in the tenant screening process” as they seek to identify practices leading to unfair housing decisions for potential tenants. Comments can be submitted at Regulations.gov for 90 days.

The Commissioners of the FTC have released a joint statement regarding Amazon’s acquisition of One Medical. The statement acknowledges both companies’ representations that they will not share consumers’ “personal health information” for marketing purposes unless they receive clear consent, but notes that the companies should also clarify how they will use protected health information and patient data beyond health care purposes. Commissioner Bedoya and Commissioner Slaughter issued a separate statement highlighting the shortcomings of U.S. privacy laws and the inapplicability of the HIPAA Privacy Rule to de-identified health data.

The FTC published a blog post cautioning marketers to be more deliberate in the advertising of artificial intelligence. Stressing the ambiguous definition of “artificial intelligence,” the post posits that the term has become a hot marketing term vulnerable to overuse and abuse. The post advises marketers that the FTC is on the lookout for “false or unsubstantiated claims about a product’s efficacy” and presents a set of questions for consideration in advertising decisions.

The European Commission has launched a consultation to evaluate funding options for upgrades to the Internet infrastructure needed to ensure capable handling of emerging transformative technologies. The Commission appears to be receptive to the telecommunication industry’s proposal that major tech companies that generate the most traffic should make a significant financial contribution. There is still the remaining question of determining the threshold for what qualifies as a sufficiently large amount of traffic generated.

The Annenberg School for Communication at the University of Pennsylvania released a report analyzing consumer awareness of companies’ use of their data. The report found that a large portion of Americans do not know how companies use their data, believe they have little control over such use, and are frustrated by the perceived corporate control of their digital lives. The report seeks to suggest policies that would allow companies to continue their use of consumer data while keeping in mind its finding that “informed consent at scale is a myth.”

Grocery stores are harvesting shopper data, “enriching” it with more data from third-party brokers, and selling the resulting information to consumer brands for targeted advertising. Kroger and Albertsons, two of the largest supermarket chains in the U.S., claim to share only de-identified or aggregated data. However, it is alarmingly easy to re-identify specific shoppers with just a few variables, which is especially concerning as supermarkets are expanding their selection of products to include health and medical products, which may reveal sensitive private information.

The Italian Data Protection Authority (GPDP) decided that the use of risk stratification algorithms in treating patients is not a part of routine healthcare and that explicit consent of the data subject is required.

(Compiled by Student Fellow Jacob Park)