Blog
Revised Version of APRA Advances Out of U.S. House Subcommittee
May 28, 2024
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
USA
Revised Version of APRA Advances Out of U.S. House Subcommittee
A new version of the draft American Privacy Rights Act of 2024 (APRA), a proposed national comprehensive privacy law, was published Tuesday and then passed out of the Innovation, Data and Commerce Subcommittee. The bill will now advance to the full House Energy and Commerce Committee.
TAKEAWAY
The new version of APRA maintains the same general structure as the original draft, but with several revisions. One notable change is that a clarification was added to the data minimization exception regarding targeted advertising, which excludes “sensitive covered data” (i.e., the data minimization requirements do not prohibit use of data for targeted advertising, except with respect to sensitive covered data). This created an inconsistency in the original draft, because the definition of “sensitive covered data” included “data collected over time and across websites or online services that do not share common branding or over time on any website or online service operated by a covered high-impact social media company”, which essentially describes third-party targeted advertising. The updated draft added a clarification that the exception to data minimization for targeted advertising excludes “sensitive covered data (other than covered data collected over time and across websites or online services that do not share common branding or over time on any website or online service operated by a covered high-impact social media company)”, meaning that the data minimization requirements do not prohibit or require opt-in consent for targeted advertising, as long as it does not involve other forms of sensitive covered data and the individual has not opted out.
Europe
European Council Gives Final Approval for EU AI Act Adoption
A final version of the EU AI Act has been approved by the European Council, meaning that, once published (expected within the next month), a clock for the law’s phased application will begin. Certain provisions (banning certain “unacceptable” AI systems, such as those involving cognitive behavioral manipulation and social scoring, and regulating general purpose AI) will apply 6 months and 1 year after publication, respectively, while most provisions will apply 2 years after publication, and some restrictions on AI developed in the US and sold to the EU will apply 3 years after publication.
TAKEAWAY
For most businesses involved in limited-risk AI use, the primary obligation under the EU AI Act will be transparency (ensuring, for example, that users are informed or aware that they are interacting with an AI system and that outputs are marked as artificially generated or manipulated). Additional requirements and restrictions will apply to use, development and deployment of higher-risk AI, including implementation of certain risk-management, data governance, documentation, record-keeping, human oversight, cybersecurity and notification requirements. Providers of general-purpose AI models will be subject to certain documentation, policy and disclosure requirements regarding, for example, the capabilities and limitations of the AI model and the content used for training, will be required to designate a representative to perform certain tasks, and, if systemic risk is involved, will be required to perform certain additional evaluations, assessments and reports and apply additional cybersecurity protections.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
FTC and Sensitive Location Data; New Pen Register Class Actions
December 9, 2024FTC takes action against the sale of sensitive data...
California CPPA Issues Notice of Proposed Rulemaking
November 25, 2024News out of California this week. The CPPA moved...
Mitigating risk under the Video Privacy Protection Act (VPPA)
November 23, 2024Because VPPA is just one of many tools being...
Latest White Papers
E-book: Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.