Fighting for You - April 2023 Legislative and Regulatory Update - Articles

Articles

28Apr

Fighting for You - April 2023 Legislative and Regulatory Update

The insights industry faced challenges on multiple advocacy fronts in April, such as: growing risks from the boom in generative AI; new privacy laws and regulations; an FTC proposal to eliminate noncompete agreements; a new attempt at insourcing insights work by the Census Bureau; and a proposed new tax on data in Nevada.

Consumer privacy and data security

A recent report called for a “risk-based regulatory framework” for AI to “allow for its responsible and ethical deployment.”

With the high-profile growth in technology referred to as generative artificial intelligence (AI) or large language models (LLM), such as ChatGPT and Google Bard, many in the insights industry are exploring how to take advantage of or integrate such technologies into our work. However, insights companies and organizations need to be aware of potential legal pitfalls, as regulators and legislators are starting to circle. Can insights companies entrust their data (and other companies’ data or consumers’ information) to such tools, and in what circumstances? What steps should insights companies take when building/deploying (and marketing) their own tools to legally protect themselves and their clients and research subjects?

IA has some recommendations for insights industry professionals approaching generative AI.

In privacy and data security news at the state level:

  • With a few months to spare before the law takes effect, new rules for implementing the Colorado Privacy Act (CPA) are available for insights professionals to get into compliance.
  • The new Utah Social Media Regulation Act was signed into law on March 23 restricting access to and use of social media platforms by Utah residents under the age of 18, with some violations by social media companies subject to private rights of action. While the laws should mostly just capture what we ordinarily think of as social media, rather than insights providers, IA seeks input from those creating and managing MROCs to help us assess the possible impact.
  • Indiana’s comprehensive privacy legislation modeled on Virginia’s recent law, is awaiting the governor’s signature into law.
  • New Hampshire comprehensive privacy legislation based on neighboring Connecticut’s new privacy law, but with a high threshold before a business would be covered by the bill, would be enforced by the state Attorney General (AG).
  • As rules implementing the California Privacy Rights Act (CPRA) were finally approved and declared immediately effective, the California Chamber of Commerce filed a lawsuit to delay any enforcement for at least a year, as required by law, and the insights industry had to raise concerns about a new round of CPRA rules regarding cybersecurity audits, risk assessments and automated decision-making.
  • A bill in California would significantly extend the statute of limitations that applies to civil enforcement actions brought by the Attorney General (AG) against businesses that violate CCPA/CPRA, while another would require impact assessments, governance programs, notice and disclosure for a wide variety of “automated decision tools” that would potentially include methods used to determine participation in insights studies and prevent fraud. Violations of this broad AI regulatory scheme would be subject to private lawsuits.

Meanwhile, at the federal level:

  • The Data Care Act would require insights providers and departments to “fulfill the duties of care, loyalty, and confidentiality” for consumer data online, a potentially subjective and vague set of requirements.
  • Legislation recently passed by a House committee, the NTIA Policy and Cybersecurity Coordination Act, would insert an oft-forgotten agency within the U.S. Department of Commerce into U.S. consumer data privacy and security regulation.
  • The Consumer Protection and Due Process Act would allow the Federal Trade Commission (FTC) to bring enforcement actions against frauds and scams, with proper safeguards.
  • The Consumer Financial Protection Bureau (CFPB) has requested public comment on the practices of data brokers in the collection and sale of consumer information, with unclear implications for the insights industry.

Human Resources

While the Insights Association “agrees that there should be restrictions on noncompete agreements” in employment contracts, IA filed comments on April 18 differing with the FTC's proposed regulations on “what such restrictions should look like and how they should be achieved.” Calling the FTC proposal “legally questionable,” IA urged that, if the agency continues to pursue the rules, “instead of seeking Congressional authorization,” the FTC should “be as specific and measured as possible.”

At the same time, a bill in Congress, the Workforce Mobility Act, would also restrict most noncompetes, with violations subject to private lawsuits.

Census

IA testified to Congress on April 14 that the Census Household Panel, a program the Census Bureau aims to insource from its failed contract to develop an online research panel (the Ask U.S. Panel), is a waste of taxpayer money.

Meanwhile, some Congressmen are seeking better information on which federal government tasks would be better off outsourced to the private sector.

Tax

In Nevada, new legislation would impose an excise tax on the collection of significant amounts of data about Nevada residents, including publicly available information or data only vaguely relating to them. The cost of the tax would escalate significantly as the amount of consumers’ data involved in a given month escalated.

Proposed federal legislation, the Funding Affordable Internet with Reliable (FAIR) Contributions Act, would shift the financing model for the Universal Service Fund (USF) from taxing telephone users to taxing companies that operate online (like insights companies).

Championing the insights industry

As you can see, the threats are serious and varied. As we discussed this week at our Annual Conference in Hilton Head, the Insights Association can only be effective in our battles for the insights industry across the U.S. with the full membership and support of insights industry leaders like you.

Please reach out with any questions on these and other legislative/regulatory/legal issues. We are always here for you.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

New California Law A.B. 1008 Muddies the Definition of Personal Information

New California Law A.B. 1008 Muddies the Definition of Personal Information

A new California law muddies the water for defining personal information in the California Privacy P...

Read More >
California AI Safety Bill S.B. 1047 Vetoed

California AI Safety Bill S.B. 1047 Vetoed

​​​​​​​The governor vetoed the Safe and Secure Innovation for Frontier Artificial Intelligenc...

Read More >
New California Law S.B. 1223 Adds Neural Data to CCPA-CPRA

New California Law S.B. 1223 Adds Neural Data to CCPA-CPRA

​​​​​​​The California governor signed S.B. 1223 into law, restricting consumer neural data as...

Read More >
California A.B. 1949 Vetoed - Would Have Dramatically Expanded Minors’ Privacy Restrictions

California A.B. 1949 Vetoed - Would Have Dramatically Expanded Minors’ Privacy Restrictions

The ​​​​​​​California governor vetoed A.B. 1949, legislation opposed by the Insights Associat...

Read More >
Fighting for You: September 2024 Legislative and Regulatory Update

Fighting for You: September 2024 Legislative and Regulatory Update

Cool winds are blowing through DC and the state capitols, but the action in September remained hot o...

Read More >
Constitutional amendment proposed to restrict apportionment to U.S. citizens - H.J.Res. 37

Constitutional amendment proposed to restrict apportionment to U.S. citizens - H.J.Res. 37

H.J.Res. 37 would amend the Constitution to require apportionment of congressional seats to be based...

Read More >
Members only Article - Please login to view