­­­Fighting for You: Summer 2023 Legislative and Regulatory Update - Articles

Articles

As we close out an intense summer for the insights industry, the Insights Association has been focused on a wide variety of policy issues, including: the launch of a new program for legally transferring European Union personal data to the U.S.; looming worries in complying with state comprehensive consumer data privacy laws that came into effect on July 1, and newly-passed state laws in Florida and Tennessee; the latest developments in compliance concerns and regulation of artificial intelligence; U.S. Senate committee passage of a bill that would potentially lead to the unionization of research subjects who receive participant incentives; proposed rules that would require the blocking and mis-labeling of legal phone calls; and much more.

Federal Privacy & Data Security

IA looked at legislation this summer that would:

  • require all guidance from federal agencies to be published in a centralized and easily accessible online location;
  • prohibit data brokers from selling, reselling, trading, licensing, or otherwise providing for consideration lists of military servicemembers to certain dangerous foreign countries;
  • require anyone maintaining a website, as well as online sellers or distributors of mobile apps, that maintains and stores information in China to conspicuously disclose to users that fact and whether the information is accessible by the Chinese Communist Party or a Chinese state-owned entity.

We also recapped a series of Congressional hearings on the authority and power of the Federal Trade Commission (FTC), the data broker ecosystem, the deficiencies in the current stratified privacy regimes, and the need for a national privacy standard.

Our Privacy for America coalition has also been busy dealing with federal regulators, including:

On the legal front, IA examined a recent FTC policy statement on biometric data privacy and what it means for the insights industry’s compliance.

EU-U.S. Data Privacy

Looking internationally, we welcomed the European Union – U.S. Data Privacy Framework (DPF), the new program providing the U.S. insights industry with legal certainty for trans-Atlantic data sharing, replacing the defunct Privacy Shield. It went live on July 17, 2023.

Juliana Wood, IA’s Director of Certifications, commented: “IA company members who maintained their Privacy Shield enrollment throughout the last few chaotic years are being rewarded with the ease of transitioning to this new program. These companies do not have to fully re-certify, but will need to take steps to update their compliance with the DPF.  Insights companies will find this self-certification to be a less-burdensome alternative to the standard contractual clauses (or to no option at all) for legal trans-Atlantic data transfers and we are eager to assist in navigating the required steps toward compliance.”

State Privacy & Data Security

July 1st was the compliance deadline for three new comprehensive consumer data privacy and security regimes coming into effect – the California Privacy Rights Act (CPRA), the Colorado Privacy Act and the Connecticut Data Privacy Act – so the Insights Association shared some reminders and compliance information for the insights industry.

Of course, the drama never stops in the Golden State, and at the last minute, the California Superior Court ruled that while the CPRA law is now enforceable, enforcement of the CPRA’s new regulations must be delayed until March 29, 2024. Even so, the new privacy regulator still set out its enforcement priorities for businesses and started looking at specific language for yet more problematic regulations. Sacramento legislators also continued to work on legislation expanding the California data broker law to turn it into a centralized deletion mechanism.

Even as some state laws came into effect, new comprehensive state laws continued to be passed this summer, including:

  • Tennessee’s new law is modeled on several other recent ones. It will be enforced by the state Attorney General, but it includes a right to cure violations (that does not sunset) and provides a safe harbor for compliance with certain privacy programs.
  • Florida’s new law provides many of the usual consumer rights and protections, enforced by the state Attorney General, but only covers some of the biggest tech platforms and ad sellers.

(IA analyses are coming soon of several other newly-passed comprehensive state privacy laws.)

On newly-signed, but more narrowly-scoped, laws:

  • Oregon will require some insights companies, particularly sample providers, to register as “data brokers” in the state’s new registry (and IA is helping with writing the rules); and
  • New York prohibits geofencing around a health care facility.

Artificial Intelligence (AI)

  • In discussing her intentions in regulating artificial intelligence (AI), FTC Chair Lina Khan wrote recently that, “as the use of AI becomes more widespread, public officials have a responsibility to ensure” that “history doesn’t repeat itself.”
  • Not long after IA released guidance for the insights industry in approaching generative AI, a new report emerged emphasizing the “need to ensure that the risks posed by this new technology are identified and mitigated through responsible development practices.”
  • A U.S. Senator proposed a harsh approach to regulating AI including punitive private lawsuits.
  • Congressional hearings examined the civil and human rights impact of AI's rise and where the patent system is going in relation to AI innovation and U.S. competitiveness.

If you’re interested in learning more about where and when artificial intelligence best integrates into the insights workstream to provide the greatest efficiency with the least risk, there are a ton of brand-led sessions you’ll want to check out at the Corporate Researchers Conference, November 1-3 in Chicago.

Research Subjects = Independent Contractors

The Protecting the Right to Organize Act (PRO Act) -- legislation that would potentially lead to the unionization of research subjects who receive participant incentives – passed the Senate Health Education Labor and Pensions (HELP) Committee on a party-line vote in June.

Also, at a recent Congressional hearing, FTC leadership was on the defensive about their involvement in the independent contractor status debate.

IA will continue to advocate for proper classification of research subjects as independent contractors when they receive incentives for participating in market research studies.

Telephone

A coalition of lawful callers, including the Insights Association, requested that the Federal Communications Commission (FCC) “exercise care to avoid preventing the transmission of legal calls in its effort to deter illegal robocalls” and “not create the same problem that it is trying to fight.”

In August, the coalition submitted comments to the FCC, calling upon the agency not to require “terminating [voice service] providers to implement analytics-based blocking, as this would lead to the excessive and inappropriate blocking of lawful calls, exceed the Commission’s statutory authority, and run afoul of the First Amendment.”

The coalition also urged the FCC to “refrain from taking any action that would suggest its endorsement of labels that reflect a legal judgment, such as ‘scam likely,’” when considering call labeling requirements. “These judgmental labels are often mistaken. As a result, they are harmful to consumers and law-abiding calling parties alike. Informative labels such as ‘telemarketing’ or ‘opinion poll’ are far more likely to be helpful to consumers and pose far less risk of harm to legitimate businesses.”

Human Resources

A recent memo from the National Labor Relations Board (NLRB) threatens the continued use of non-compete clauses in employment contracts.

Tax

South Carolina reintroduced legislation that would impose sales tax on a variety of services, explicitly including market research.

Advancing the Insights Industry in Every Season

The Insights Association can only make the case for the insights industry on these and other important public policy issues across the U.S. with YOUR support. Amidst all the turmoil, IA’s members and sponsors provide the resources necessary to defend and advance the whole industry.

We remain available to answer your questions on these and other legislative/regulatory/legal issues. Please stay in touch.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Disclosures About Generative AI Training Data Required by New California law A.B. 2013

Disclosures About Generative AI Training Data Required by New California law A.B. 2013

A new law in California requires expansive disclosures from developers of generative artificial inte...

Read More >
New California Law - the California Artificial Intelligence Accountability Act - S.B. 896

New California Law - the California Artificial Intelligence Accountability Act - S.B. 896

The California Artificial Intelligence Accountability Act (S.B. 896), a new law in the Golden State,...

Read More >
New California Law Defines Artificial Intelligence - A.B. 2885

New California Law Defines Artificial Intelligence - A.B. 2885

A new law in California sets out a definition of artificial intelligence (AI) and adds cross referen...

Read More >
California AI Transparency Act is Now Law - S.B. 942

California AI Transparency Act is Now Law - S.B. 942

A new law in California requires various embedded disclosures from generative AI developers, tools t...

Read More >
New California Law A.B. 1008 Muddies the Definition of Personal Information

New California Law A.B. 1008 Muddies the Definition of Personal Information

A new California law muddies the water for defining personal information in the California Privacy P...

Read More >
California AI Safety Bill S.B. 1047 Vetoed

California AI Safety Bill S.B. 1047 Vetoed

​​​​​​​The governor vetoed the Safe and Secure Innovation for Frontier Artificial Intelligenc...

Read More >
Members only Article - Please login to view