Legal Affairs

Legal and compliance guidance for the insights industry—covering privacy, data security, AI, research operations, and emerging laws that affect how we collect, use, and protect data.

Legal Affairs

Resources

The Insights Association provides legal and compliance information—much of it members-only—on a wide range of issues impacting the insights industry.

Topics include artificial intelligence (AI), consumer data privacy, data security and protection, the U.S. Data Security Program and the Protecting Americans Data from Foreign Adversaries Act, data broker laws, youth privacy, respondent incentives, polling issues, telephone/texting/fax rules, healthcare market research, Canada and other international laws, taxes, accessibility, business operations, and human resources (HR), along with model clauses, contracts, and forms.

Compliance Portals & Member Resources

IA maintains compliance portals for the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and an ever-growing patchwork of comprehensive state privacy laws. IA also provides model clauses and contracts to support day-to-day compliance.

Please note: only IA company/department members have access to the most current, expanded, “top-of-the-line” versions of IA’s model contracts and clauses.

Artificial Intelligence (AI)

Key AI laws, regulations, and guidance affecting the insights industry—organized by U.S. federal developments, state laws, international regulation, and practical compliance resources.

Featured Developments

EU AI Act — Compliance Preparations Start NowPresident Trump on AI Training and Copyrights
On July 23, 2025, President Donald Trump raised concerns about intellectual property (IP) and AI training—an issue largely absent from his AI action plan—and insights industry experts are responding.

White House Pushes Back on State AI Regulations
President Trump signed a new executive order (EO) on artificial intelligence (AI), aiming to preempt state laws and regulations on multiple fronts that may impact the insights industry in the U.S.

EU AI Act — Compliance Preparations Start Now
The EU AI Act took effect August 1, 2024, with staggered compliance deadlines. As with GDPR, organizations can be covered even without a physical EU presence.

U.S. Federal

FTC Warning on AI-Driven Changes to Privacy Policies
FTC warning focused on privacy-policy changes that could enable broad data “harvesting” to support AI.

FTC Guidance on Using AI Chatbot
Guidance for organizations developing and deploying AI-powered chatbots—relevant to many insights use cases.

U.S. Enforcement Agencies Issue Warning for Artificial Intelligence
Four federal agencies warned about discrimination and bias in AI and automated systems, and outlined enforcement approaches.

FTC Vows to Enforce Copyright Laws Regarding AI
FTC signaled it will use enforcement authority against deceptive or unfair AI-generated content practices that violate copyright law.

USPTO: Significant Human Contribution Needed for AI-Assisted Inventions
USPTO guidance indicates AI-assisted inventions may be patentable when a human “significantly contributed,” and non-human entities cannot be named inventors.

International

EU AI Act — Compliance Preparations Start Now
EU AI Act effective Aug 1, 2024 with staggered compliance deadlines; can apply beyond EU borders.

Singapore PDPC Guidance on Synthetic DataRegulatory guidance on synthetic data generation that may help insights organizations evaluating synthetic data approaches.

U.S. State Laws & Updates

California

S.B. 243 — Restricts lifelike “companion” chatbots; adds protocols, disclosures, reports.
A.B. 316 — AI is no legal defense for alleged harm.
S.B. 53 — Frontier AI safety disclosures; penalties for violations.
A.B. 2013 — Requires disclosures about generative AI training data.
S.B. 942 — AI transparency requirements; content ID tools; research restrictions; contracting rules.
A.B. 1008 — Complicates “personal information” definitions by capturing AI systems capable of outputting PI.S.B. 896 — State procurement/contractor considerations + AI content disclaimers.
A.B. 2885 — Defines “artificial intelligence” and cross-references other state laws.
(2019) — Older chatbot transparency law; generally not applicable to insights uses.
CA rules — Expand employment anti-discrimination to include AI-enabled discrimination.

Colorado

S.B. 205 — Consumer disclosure for AI interactions; requirements for “high-risk” AI systems.

Delayed — Colorado has delayed the effective date of the state artificial intelligence (AI) law to June 30, 2026.

Illinois

H.B. 3773 - Restricts the use of AI tied to discrimination risk in employment and hiring

New Jersey

Guidance on how New Jersey’s anti-discrimination law applies to “algorithmic discrimination” involving AI and related data-driven technologies.

New York

RAISE Act — Proposed/aims to regulate cutting-edge systems via liability, safety protocols, notices, and fees.

S. 3008 — Safety + transparency for companion chatbots; notice requirements related to algorithmic pricing.

Oregon

Attorney General guidance explains how multiple Oregon laws may regulate or restrict AI use.

Texas

TRAIGA (H.B. 149) prohibits intentional unlawful manipulation or discrimination via AI systems and restricts certain government agency uses.

Utah

Utah’s AI law requires companies/organizations to clearly disclose when someone is “interacting with generative artificial intelligence and not a human.” It launched a state program to study the risks of AI, in which participating companies could get licensed and receive temporary regulatory protections. It also added “synthetic data” to the definition of “deidentified data” in Utah’s comprehensive state privacy law.

Amended/extended: through July 1, 2027; narrows disclosures to consumer interactions; safe harbor for up-front and ongoing disclosures.

Core Legal Risk Topics

Potential Risks for Insights Industry in Generative AI - Overview of common legal pitfalls tied to generative AI/LLMs (e.g., chatbot deployments, data sourcing/training issues, output risks)

Compliance Resources

Potential Compliance Checklist for Using Generative AI

As insights companies and departments grapple with how to approach generative AI in their work, some proposed starting points for internal compliance checklists have come to light.

Associations Shaping the Future of AI in Market Research - Opportunities, Ethics and Regulation

Then-Insights Association CEO Melanie Courtright discusses a "sense of urgency" regarding AI, in concert with our fellow associations, and "unprecedented coordination to ensure a complete and unified approach"

Model AI Disclaimers and Disclosures

Access: This resource is available to IA company members only.

Consumer Data Privacy

Stay current on privacy laws, enforcement trends, and practical compliance guidance for the insights industry.
Browse portals for major frameworks, then dive into compliance essentials, state-specific rules, and emerging litigation risks.

Quick-Access Portals

CCPA/CPRA Portal

All information on the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

State Consumer Data Privacy Law Portal

IA compliance information for comprehensive state privacy laws and related requirements.

GDPR Portal

Everything you need for the European Union (EU) General Data Protection Regulation (GDPR)

Consumer Data Privacy

Litigation and Enforcement Watch

High-impact legal developments and enforcement trends shaping privacy risk.

CIPA Lawsuits and the Research Industry

Lawsuits alleging common online tools “intercept” communications without consent under California’s CIPA.

LiveRamp Privacy Case Raises the Stakes for Transparency in the Insights Industry

Highlights growing legal and reputational risk when personal data is collected/monetized without meaningful notice.

Handling Third-Party Document Production Requests

Guidance for subpoenas and document requests: protecting client and respondent information and preparing ahead.

Compliance Fundamentals and Practical Policies

Operational building blocks that make privacy compliance manageable.

Privacy and Data Security Compliance Is Manageable When You Focus on These 5 Things

Practical compliance perspective and priorities from IA outside counsel.

Privacy Policies for Survey, Opinion and Marketing Research Companies

How to craft a compliant privacy policy for an insights organization.

Developing a Data Retention Policy

Steps to develop and implement a strong data retention program.

Best Practices to Involve Employees in Data Security Efforts

Five ways to turn employees into data security assets.

Push Polls & Polling

Quick guidance on deceptive “push polls” and a snapshot of key state laws addressing political advocacy calls and polling disclosure requirements.

"Push Polls" — Deceptive Advocacy Disguised as Polling

The insights industry opposes “push polling,” which is political messaging or negative phone banking falsely presented as research. Legitimate polling can test messages; push polls deliver them.

New Hampshire Push Poll Law

New Hampshire restricts political advocacy telephone calls labeled “push-polling,” while explicitly excluding bona fide survey and opinion research after reforms signed April 23, 2014.

Wisconsin Polling Disclosure Law

Wisconsin requires political telephone pollsters to disclose who is funding the poll if a respondent asks, supporting transparency around sponsorship.

Disclaimer: This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.