On April 29, 2021, the Federal Trade Commission (FTC) hosted a virtual
Bringing Dark Patterns to Light,” to examine “dark patterns.” In her opening remarks, Acting FTC Chairwoman Rebecca Kelly Slaughter broadly described “dark patterns” as “user interface designs that manipulate users into taking unintended actions that may not be in their interests.” Chairwoman Slaughter highlighted several examples of dark patterns, including confusing cancellation procedures that force users to navigate multiple screens, online applications that hide the material terms of a product or service through the use of inconspicuous drop down links and auto-scroll features, and the addition of products to users’ shopping carts without their knowledge or consent.
For most of 2020, the world struggled with COVID-19 and its effects.
Earlier in the pandemic, we published a
Law360 guest article offering privacy guidance to developers interested in creating contact-tracing applications.[1] Now that entire populations are ready to reopen many aspects of their pre-COVID-19 lives, we found it fitting to update our previous guidance with certain additional privacy and employment issues.
COVID-19 vaccines offer hope, but specific questions nonetheless remain.
For instance, how do concert halls, airports, sports arenas, theaters and schools looking for ways to control this pandemic verify the vaccination status of the individuals they seek to serve?
To print this article, all you need is to be registered or login on Mondaq.com.
In what could be a harbinger of the future regulation of
artificial intelligence (AI) in the United States, the European
Commission published its recent proposal for regulation of AI systems. The
proposal is part of the European Commission s larger European strategy for data, which seeks to defend and promote European values and rights in how we
design, make and deploy technology in the economy. To this
end, the proposed regulation attempts to address the potential
risks that AI systems pose to the health, safety, and fundamental
To embed, copy and paste the code into your website or blog:
It’s a hot spring for state privacy legislation. Privacy bills are pending in roughly 20 states, and while Gramm-Leach-Bliley Act (GLBA) exemptions may act as a cool breeze in some, issues remain:
Some states’ legislation has no GLBA exemption.
Some states’ legislation only contains a data-level exemption, meaning non-GLBA data would be subject to the states’ privacy requirements.
Even those states’ legislation that contains such an entity-level exemption will not insulate insurers from contractual obligations imposed by third parties who are subject to the legislation.
Virginia is the first state to follow California’s lead in adopting comprehensive privacy legislation, but its Consumer Data Protection Act has an entity-level GLBA exemption preventing any direct application to insurers. California, at work again, amended its Consumer Privacy Act (CCPA) by adopting the California Privacy Rights Act (CPRA),
Scope
Like CCPA, VCDPA applies to companies or persons that do business in, or target citizens of, the state and utilizes certain quantitative thresholds to identify which entities may be subject to the law, such as collecting or processing a requisite amount of Virginia residents personal information. However, when comparing VCDPA s jurisdictional analysis to that of CCPA, a standalone revenue threshold (see Note 2) is notably absent; simultaneously bringing smaller companies with large amounts of data under the statute while potentially allowing larger companies to escape its reach.
Although the Big Three (GDPR, CCPA, and VCDPA) share in a broad definition of personal data, VCDPA diverges from its cousins in the treatment of employees and individuals acting in a business capacity. Unlike CCPA, which has a temporary partial carve-out for employees and B2B information, the VCDPA expressly excludes persons acting in a commercial or employment context from the definition of