The insights industry faced challenges on multiple advocacy fronts in April, such as: growing risks from the boom in generative AI; new privacy laws and regulations; an FTC proposal to eliminate noncompete agreements; a new attempt at insourcing insights work by the Census Bureau; and a proposed new tax on data in Nevada.
Consumer privacy and data security
A recent report called for a “risk-based regulatory framework” for AI to “allow for its responsible and ethical deployment.”
With the high-profile growth in technology referred to as generative artificial intelligence (AI) or large language models (LLM), such as ChatGPT and Google Bard, many in the insights industry are exploring how to take advantage of or integrate such technologies into our work. However, insights companies and organizations need to be aware of potential legal pitfalls, as regulators and legislators are starting to circle. Can insights companies entrust their data (and other companies’ data or consumers’ information) to such tools, and in what circumstances? What steps should insights companies take when building/deploying (and marketing) their own tools to legally protect themselves and their clients and research subjects?
IA has some recommendations for insights industry professionals approaching generative AI.
In privacy and data security news at the state level:
- With a few months to spare before the law takes effect, new rules for implementing the Colorado Privacy Act (CPA) are available for insights professionals to get into compliance.
- The new Utah Social Media Regulation Act was signed into law on March 23 restricting access to and use of social media platforms by Utah residents under the age of 18, with some violations by social media companies subject to private rights of action. While the laws should mostly just capture what we ordinarily think of as social media, rather than insights providers, IA seeks input from those creating and managing MROCs to help us assess the possible impact.
- Indiana’s comprehensive privacy legislation modeled on Virginia’s recent law, is awaiting the governor’s signature into law.
- New Hampshire comprehensive privacy legislation based on neighboring Connecticut’s new privacy law, but with a high threshold before a business would be covered by the bill, would be enforced by the state Attorney General (AG).
- As rules implementing the California Privacy Rights Act (CPRA) were finally approved and declared immediately effective, the California Chamber of Commerce filed a lawsuit to delay any enforcement for at least a year, as required by law, and the insights industry had to raise concerns about a new round of CPRA rules regarding cybersecurity audits, risk assessments and automated decision-making.
- A bill in California would significantly extend the statute of limitations that applies to civil enforcement actions brought by the Attorney General (AG) against businesses that violate CCPA/CPRA, while another would require impact assessments, governance programs, notice and disclosure for a wide variety of “automated decision tools” that would potentially include methods used to determine participation in insights studies and prevent fraud. Violations of this broad AI regulatory scheme would be subject to private lawsuits.
Meanwhile, at the federal level:
- The Data Care Act would require insights providers and departments to “fulfill the duties of care, loyalty, and confidentiality” for consumer data online, a potentially subjective and vague set of requirements.
- Legislation recently passed by a House committee, the NTIA Policy and Cybersecurity Coordination Act, would insert an oft-forgotten agency within the U.S. Department of Commerce into U.S. consumer data privacy and security regulation.
- The Consumer Protection and Due Process Act would allow the Federal Trade Commission (FTC) to bring enforcement actions against frauds and scams, with proper safeguards.
- The Consumer Financial Protection Bureau (CFPB) has requested public comment on the practices of data brokers in the collection and sale of consumer information, with unclear implications for the insights industry.
Human Resources
While the Insights Association “agrees that there should be restrictions on noncompete agreements” in employment contracts, IA filed comments on April 18 differing with the FTC's proposed regulations on “what such restrictions should look like and how they should be achieved.” Calling the FTC proposal “legally questionable,” IA urged that, if the agency continues to pursue the rules, “instead of seeking Congressional authorization,” the FTC should “be as specific and measured as possible.”
At the same time, a bill in Congress, the Workforce Mobility Act, would also restrict most noncompetes, with violations subject to private lawsuits.
Census
IA testified to Congress on April 14 that the Census Household Panel, a program the Census Bureau aims to insource from its failed contract to develop an online research panel (the Ask U.S. Panel), is a waste of taxpayer money.
Meanwhile, some Congressmen are seeking better information on which federal government tasks would be better off outsourced to the private sector.
Tax
In Nevada, new legislation would impose an excise tax on the collection of significant amounts of data about Nevada residents, including publicly available information or data only vaguely relating to them. The cost of the tax would escalate significantly as the amount of consumers’ data involved in a given month escalated.
Proposed federal legislation, the Funding Affordable Internet with Reliable (FAIR) Contributions Act, would shift the financing model for the Universal Service Fund (USF) from taxing telephone users to taxing companies that operate online (like insights companies).
Championing the insights industry
As you can see, the threats are serious and varied. As we discussed this week at our Annual Conference in Hilton Head, the Insights Association can only be effective in our battles for the insights industry across the U.S. with the full membership and support of insights industry leaders like you.
Please reach out with any questions on these and other legislative/regulatory/legal issues. We are always here for you.
This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.