Fighting for You - April 2023 Legislative and Regulatory Update - Articles

Articles

28Apr

Fighting for You - April 2023 Legislative and Regulatory Update

The insights industry faced challenges on multiple advocacy fronts in April, such as: growing risks from the boom in generative AI; new privacy laws and regulations; an FTC proposal to eliminate noncompete agreements; a new attempt at insourcing insights work by the Census Bureau; and a proposed new tax on data in Nevada.

Consumer privacy and data security

A recent report called for a “risk-based regulatory framework” for AI to “allow for its responsible and ethical deployment.”

With the high-profile growth in technology referred to as generative artificial intelligence (AI) or large language models (LLM), such as ChatGPT and Google Bard, many in the insights industry are exploring how to take advantage of or integrate such technologies into our work. However, insights companies and organizations need to be aware of potential legal pitfalls, as regulators and legislators are starting to circle. Can insights companies entrust their data (and other companies’ data or consumers’ information) to such tools, and in what circumstances? What steps should insights companies take when building/deploying (and marketing) their own tools to legally protect themselves and their clients and research subjects?

IA has some recommendations for insights industry professionals approaching generative AI.

In privacy and data security news at the state level:

  • With a few months to spare before the law takes effect, new rules for implementing the Colorado Privacy Act (CPA) are available for insights professionals to get into compliance.
  • The new Utah Social Media Regulation Act was signed into law on March 23 restricting access to and use of social media platforms by Utah residents under the age of 18, with some violations by social media companies subject to private rights of action. While the laws should mostly just capture what we ordinarily think of as social media, rather than insights providers, IA seeks input from those creating and managing MROCs to help us assess the possible impact.
  • Indiana’s comprehensive privacy legislation modeled on Virginia’s recent law, is awaiting the governor’s signature into law.
  • New Hampshire comprehensive privacy legislation based on neighboring Connecticut’s new privacy law, but with a high threshold before a business would be covered by the bill, would be enforced by the state Attorney General (AG).
  • As rules implementing the California Privacy Rights Act (CPRA) were finally approved and declared immediately effective, the California Chamber of Commerce filed a lawsuit to delay any enforcement for at least a year, as required by law, and the insights industry had to raise concerns about a new round of CPRA rules regarding cybersecurity audits, risk assessments and automated decision-making.
  • A bill in California would significantly extend the statute of limitations that applies to civil enforcement actions brought by the Attorney General (AG) against businesses that violate CCPA/CPRA, while another would require impact assessments, governance programs, notice and disclosure for a wide variety of “automated decision tools” that would potentially include methods used to determine participation in insights studies and prevent fraud. Violations of this broad AI regulatory scheme would be subject to private lawsuits.

Meanwhile, at the federal level:

  • The Data Care Act would require insights providers and departments to “fulfill the duties of care, loyalty, and confidentiality” for consumer data online, a potentially subjective and vague set of requirements.
  • Legislation recently passed by a House committee, the NTIA Policy and Cybersecurity Coordination Act, would insert an oft-forgotten agency within the U.S. Department of Commerce into U.S. consumer data privacy and security regulation.
  • The Consumer Protection and Due Process Act would allow the Federal Trade Commission (FTC) to bring enforcement actions against frauds and scams, with proper safeguards.
  • The Consumer Financial Protection Bureau (CFPB) has requested public comment on the practices of data brokers in the collection and sale of consumer information, with unclear implications for the insights industry.

Human Resources

While the Insights Association “agrees that there should be restrictions on noncompete agreements” in employment contracts, IA filed comments on April 18 differing with the FTC's proposed regulations on “what such restrictions should look like and how they should be achieved.” Calling the FTC proposal “legally questionable,” IA urged that, if the agency continues to pursue the rules, “instead of seeking Congressional authorization,” the FTC should “be as specific and measured as possible.”

At the same time, a bill in Congress, the Workforce Mobility Act, would also restrict most noncompetes, with violations subject to private lawsuits.

Census

IA testified to Congress on April 14 that the Census Household Panel, a program the Census Bureau aims to insource from its failed contract to develop an online research panel (the Ask U.S. Panel), is a waste of taxpayer money.

Meanwhile, some Congressmen are seeking better information on which federal government tasks would be better off outsourced to the private sector.

Tax

In Nevada, new legislation would impose an excise tax on the collection of significant amounts of data about Nevada residents, including publicly available information or data only vaguely relating to them. The cost of the tax would escalate significantly as the amount of consumers’ data involved in a given month escalated.

Proposed federal legislation, the Funding Affordable Internet with Reliable (FAIR) Contributions Act, would shift the financing model for the Universal Service Fund (USF) from taxing telephone users to taxing companies that operate online (like insights companies).

Championing the insights industry

As you can see, the threats are serious and varied. As we discussed this week at our Annual Conference in Hilton Head, the Insights Association can only be effective in our battles for the insights industry across the U.S. with the full membership and support of insights industry leaders like you.

Please reach out with any questions on these and other legislative/regulatory/legal issues. We are always here for you.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Language-Inclusive Support and Transparency for Online Services Act - LISTOS Act - S. 1801 and H.R. 3806

Language-Inclusive Support and Transparency for Online Services Act - LISTOS Act - S. 1801 and H.R. 3806

The Language-Inclusive Support and Transparency for Online Services Act (LISTOS Act) (S. 1801, H.R. ...

Read More >
Federal Court Puts Hold on FTC Non-Competes Rule

Federal Court Puts Hold on FTC Non-Competes Rule

A new court decision suggests that the Federal Trade Commission (FTC) rules banning most non-compete...

Read More >
Future of AI Innovation Act - S. 4178

Future of AI Innovation Act - S. 4178

The Future of Artificial Intelligence Innovation Act (S. 4178) would establish standards and provide...

Read More >
California AI Transparency Act - S.B. 942

California AI Transparency Act - S.B. 942

The California AI Transparency Act (S.B. 942) passed the Assembly Privacy Committee on June 18, 2024...

Read More >
Florida Vetoes Bill That Would Have Granted ISO Certification Safe Harbor from Data Security Litigation - H.B. 473

Florida Vetoes Bill That Would Have Granted ISO Certification Safe Harbor from Data Security Litigation - H.B. 473

Florida Governor Ron DeSantis (R) vetoed legislation that would have protected companies and organiz...

Read More >
Iowa Law H.F. 553 Provides Affirmative Defense Against Data Security Lawsuits for ISO Certification

Iowa Law H.F. 553 Provides Affirmative Defense Against Data Security Lawsuits for ISO Certification

Iowa law incentivizes companies to adopt data security certification, such as ISO 27001, by providin...

Read More >
Members only Article - Please login to view