Fighting for You September 2023 Legislative and Regulatory Update - Articles

Articles

While temperatures are starting to dip, concerns still simmered in September for the insights industry as we dealt with more new state privacy laws, burgeoning regulation of AI, and other pressing advocacy issues.

Privacy and Data Security

IA analyzed three new comprehensive (or nearly comprehensive) state privacy laws in September:

  • The Oregon Consumer Privacy Act (OCPA) was signed into law on July 18. It is based on Colorado's and Connecticut's recent laws, but with a few key differences.
  • The Texas Data Privacy and Security Act was signed into law on June 18. It was modeled on Virginia’s law, and bears similarities to other recent state laws.
  • A new health privacy law in Nevada, while not quite as comprehensive as a lot of the other recent state privacy laws, still will have a broad impact on the insights industry.

We also saw big changes to Connecticut’s existing comprehensive privacy law:

In the face of an ever-growing patchwork of U.S. state comprehensive consumer privacy and data security laws with which the insights industry must contend, the Insights Association launched a new centralized hub for compliance information with all these laws.

 

Meanwhile, Pennsylvania is considering its own comprehensive privacy legislation modeled on Connecticut's and Colorado’s laws.

 

On the so-called ‘data broker’ front, we saw:

As for online tracking technology, a new bulletin from the U.S. Health and Human Services Department (HHS) highlighted obligations for covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA) when using such tech (and reminded them about civil penalties for violations).

 

Finally, three states have new laws restricting minors’ data privacy online that could impact market research online communities (MROCs):

  • A new Texas law will require many social media platforms – and MROCs – to verify users, allow parents/guardians to access/control accounts of their kids under age 18, and filter harmful content.
  • The Louisiana Secure Online Child Interaction and Age Limitation Act will restrict access to and use of social media platforms – and potentially larger MROCs – by Louisiana residents under the age of 16.
  • The Arkansas Social Media Safety Act prohibits large social media platforms – potentially including some MROCs – from granting access to minors under age 18 absent parental consent, punishable by private lawsuits. It also restricts access by other companies to personal data on the platforms.

Artificial Intelligence (AI)

As insights companies and departments grapple with how to approach generative AI in their work, some proposed starting points for internal compliance checklists have come to light, complementing the Insights Association’s earlier compliance guidance for members.

A few states are starting to work on AI regulation, including:

As for Congressional action on AI in the U.S.:

  • The Senate Judiciary Committee recently had a pair of interesting hearings about AI, one discussing how to approach AI regulation and the other considering “the impact of artificial intelligence on copyright law and policy and the creative community” from AI.
  • The National AI Commission Act was proposed in the U.S. House to establish a commission to further the careful regulation of artificial intelligence; and
  • Richard Blumenthal (D-CT) and Josh Hawley (R-MO), after referencing their ideas in multiple hearings this summer, promoted a 1-page summary of how they want to approach restricting AI, including with a centralized government regulator and enforcer, and a private right of action.

Finally, while our neighbors to the north have not approved legislation on AI, the Canadian Government proposed a voluntary code of conduct for AI on which it is currently seeking input.

Miscellaneous: Census; push polls

  • With a potential government shutdown looming and major design decisions for the 2030 decennial census almost upon us, the Insights Association joined more than 90 groups urging higher funding for the Census Bureau in Fiscal Year 2024.
  • Massachusetts legislation, modeled on New Hampshire‘s law that targets push polls for disclosures and transparency while protecting bona fide research (which IA helped to conceive and pass into law), received a hearing.

Your support makes all the difference

Without your support, the Insights Association cannot effectively advocate for the insights industry on these and other important public policy issues across America. IA’s members and sponsors provide the resources IA needs to defend and advance the whole industry.

We are always available to answer your questions on these and other legislative/regulatory/legal issues. Please keep in touch.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Census Funding Update - FY24 Done and FY25 Slogging Ahead

Census Funding Update - FY24 Done and FY25 Slogging Ahead

It took a long time to wrap up funding for the Census Bureau in Fiscal Year 2024 and the battle over...

Read More >
Language-Inclusive Support and Transparency for Online Services Act - LISTOS Act - S. 1801 and H.R. 3806

Language-Inclusive Support and Transparency for Online Services Act - LISTOS Act - S. 1801 and H.R. 3806

The Language-Inclusive Support and Transparency for Online Services Act (LISTOS Act) (S. 1801, H.R. ...

Read More >
Future of AI Innovation Act - S. 4178

Future of AI Innovation Act - S. 4178

The Future of Artificial Intelligence Innovation Act (S. 4178) would establish standards and provide...

Read More >
California AI Transparency Act - S.B. 942

California AI Transparency Act - S.B. 942

The California AI Transparency Act (S.B. 942) passed the Assembly Privacy Committee on June 18, 2024...

Read More >
Florida Vetoes Bill That Would Have Granted ISO Certification Safe Harbor from Data Security Litigation - H.B. 473

Florida Vetoes Bill That Would Have Granted ISO Certification Safe Harbor from Data Security Litigation - H.B. 473

Florida Governor Ron DeSantis (R) vetoed legislation that would have protected companies and organiz...

Read More >
Iowa Law H.F. 553 Provides Affirmative Defense Against Data Security Lawsuits for ISO Certification

Iowa Law H.F. 553 Provides Affirmative Defense Against Data Security Lawsuits for ISO Certification

Iowa law incentivizes companies to adopt data security certification, such as ISO 27001, by providin...

Read More >
Members only Article - Please login to view