Fighting for You: February 2024 Legislative and Regulatory Update - Articles

Articles

The groundhog didn’t see his shadow in February, so the insights industry is already looking ahead to an early spring (a few snowstorms aside). This month, the Insights Association focused on extensive artificial intelligence legislation at the state level, urgent developments in privacy compliance in California and Washington state, new bills on census issues (including one that would kill the ACS), the insights compliance concerns with sales taxes on SaaS and PaaS, and a couple of new telephone-related bills.

AI

  • IA testified on the Hawaii Artificial Intelligence Safety and Regulation Act, legislation that would launch a new state agency to restrict the development, deployment and use of artificial intelligence (AI) “in accordance with the precautionary principle.”
  • A pair of new bills in California would: (1) require the state to set safety, privacy, and nondiscrimination standards for artificial intelligence (AI) services, and require California state contractors to comply with them; and (2) require expansive disclosures from developers of AI systems or services about the data used to train them, including the use of synthetic data and imputation.
  • Washington state legislation would regulate AI used in decision-making, including decisions involving research subjects who receive any kind of incentives for participation in insights studies.
  • A bill in Connecticut would require risk mitigation and regular impact assessments by developers of generative AI systems, and much broader restrictions on general purpose and high-risk AI systems.
  • Recent Virginia bills would require: (1) extensive assessments and restrictions on high-risk AI systems (it originally included similar restrictions on generative AI as well); and (2) transparency when AI is used in the creation of audio, video or graphics “intending to depict an actual person” or their voice.

Privacy and data security

  • A California court ruled that new regulations for the California Privacy Rights Act (CPRA) / California Consumer Privacy Act (CCPA) are in effect and enforceable immediately, eliminating another couple of months insights professionals thought they still had to get into compliance. This decision means that any other new rules the CPPA comes up with could also take effect immediately, if the agency feels it would be necessary. This is a daunting prospect given all the other regulations the regulator is already considering.
  • The insights industry is running out of time to comply with the Washington My Health My Data Act, a comprehensive state privacy law ostensibly focused on consumer health information, but written extremely broadly, which comes into effect on March 31, 2024. It will be enforced by the state Attorney General and easy (and extensive) private lawsuits.
  • A recent analysis of the first year of consumer complaints under the Virginia Consumer Data Protection Act provided a few early indications of consumer concerns and potential enforcement interest, while a much more detailed report on the first six months of enforcement of the Connecticut Data Privacy Act from the state Attorney General offered more useful compliance guidance (and warnings) for the state comprehensive privacy law, while highlighting areas that the regulator wants to dramatically expand.
  • Legislation advancing in Florida would protect companies and organizations against data security breach liability if they abide by the right cybersecurity standards, including ISO 27001. The cybersecurity litigation protection in this legislation would be a great improvement and benefit for data-dependent companies, like those of us in the insights industry, and another positive precedent to go with similar laws already enacted in Connecticut, Ohio and Utah.

Census

Tax

Increasingly, market research, data analytics, panel-sample providers, and in particular, any Insights Association member that sells and markets what looks, feels, and/or can be characterized as, a Software-as-a-Service (SasS) or Platform-as-a-Service (PaaS), will be subject to sales tax in an increasing number of states across the country. IA outside counsel Stuart Pardau explains why, wherever you are based, you need to be mindful of the sales tax requirements in all 50 states and DC.

Telephone

  • The Deter Obnoxious, Nefarious, and Outrageous Telephone Calls Act (DO NOT Call Act) would dramatically jack up penalties for violations of the Telephone Consumer Protection Act (TCPA), adding jail time.
  • Massachusetts legislation would prohibit many “robocalls” to Massachusetts cell phones (absent a prior existing business relationship), most of which are already restricted by the federal TCPA.

Today is tomorrow. It happened.

Sure, trying to stay abreast of the legislative/regulatory/legal threats to your insights work can seem like you’re trapped in a loop, but the Insights Association is still here to help the industry find opportunities to grow and thrive, and we could not do it without the great support of our members and sponsors.

As ever, we are available to answer your questions and concerns on legislative/regulatory/legal issues. Please stay in touch.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Census Funding Update - FY24 Done and FY25 Slogging Ahead

Census Funding Update - FY24 Done and FY25 Slogging Ahead

It took a long time to wrap up funding for the Census Bureau in Fiscal Year 2024 and the battle over...

Read More >
Language-Inclusive Support and Transparency for Online Services Act - LISTOS Act - S. 1801 and H.R. 3806

Language-Inclusive Support and Transparency for Online Services Act - LISTOS Act - S. 1801 and H.R. 3806

The Language-Inclusive Support and Transparency for Online Services Act (LISTOS Act) (S. 1801, H.R. ...

Read More >
Future of AI Innovation Act - S. 4178

Future of AI Innovation Act - S. 4178

The Future of Artificial Intelligence Innovation Act (S. 4178) would establish standards and provide...

Read More >
California AI Transparency Act - S.B. 942

California AI Transparency Act - S.B. 942

The California AI Transparency Act (S.B. 942) passed the Assembly Privacy Committee on June 18, 2024...

Read More >
Florida Vetoes Bill That Would Have Granted ISO Certification Safe Harbor from Data Security Litigation - H.B. 473

Florida Vetoes Bill That Would Have Granted ISO Certification Safe Harbor from Data Security Litigation - H.B. 473

Florida Governor Ron DeSantis (R) vetoed legislation that would have protected companies and organiz...

Read More >
Iowa Law H.F. 553 Provides Affirmative Defense Against Data Security Lawsuits for ISO Certification

Iowa Law H.F. 553 Provides Affirmative Defense Against Data Security Lawsuits for ISO Certification

Iowa law incentivizes companies to adopt data security certification, such as ISO 27001, by providin...

Read More >
Members only Article - Please login to view