California Attorney General Rob Bonta announced app-based food delivery service DoorDash agreed to a settlement related to violations of the California Consumer Privacy Act and California Online Privacy Protection Act. DoorDash will pay a USD375,000 fine for selling its customers' personal information without notice and without providing an opportunity to opt-out of the sale of their data.
The White House is seeking input on the risks and benefits of open-source or closed artificial intelligence models and how to manage them, The Associated Press reports. The U.S. Department of Commerce will open a 30-day comment period to help develop a report by July.
The U.S. Federal Trade Commission concluded X CEO Elon Musk did not violate a settlement putting tight controls on user access data after trying to give an outside group of writers access to information, The Washington Post reports. The probe found employees at the site formerly known as Twitter upheld safeguards to protect user data.Full story
The Hong Kong Office of the Privacy Commissioner for Personal Data checked 28 entities to ensure their collection and use of personal data using artificial intelligence follows the law. The exercise found 21 groups used AI in their daily operations, but only half of those collected data through the technology.Full story
U.S. Sen. Bill Cassidy, R-La., said the Health Insurance Portability and Accountability Act should be updated and health care not covered by the law should have additional protections in a new report examining how to improve privacy in the health sector. Cassidy said privacy health care laws have not been updated as technology has changed.Full story
France's data protection authority, the Commission nationale de l'informatique et des libertés, issued guidance on health data collected from "high-level" and professional athletes. Only data that is "adequate, relevant and limited to what is necessary can be collected on athletes to meet the objective of the collection."Full story
Reed Smith released its U.K. Data Protection and Privacy Case Law Update for 2023 to analyze legal developments within the data privacy sector. The report includes various case examples to clarify "representative actions and the calculation of damages in privacy and data proceedings."Full story
The Office of the Australian Information Commissioner released a report on data breaches, noting that personal information collected by multiple parties can increase the chance of a data breach. From July to December 2023, the OAIC received 483 data breach reports with health and finance organizations targeted the most.Full story
The California Chamber of Commerce petitioned the state Supreme Court to review an appellate court decision to allow the California Privacy Protection Agency to begin enforcing California Privacy Rights Act regulations. CalChamber argued the CPPA failed to develop final regulations as required under the ballot measure approving the CPRA, and therefore cannot begin enforcement until the completion of a year-long grace period for businesses to comply with the law.
A study published by University of Grenoble Alpes professor of law Théodore Christakis found the "zero-risk" theory commonly held by EU data protection authorities after the "Schrems II" decision is "overly restrictive, is not mandated by the (EU General Data Protection Authority) and could have a number of adverse effects." Christakis said the "notion that data controllers can take measures to entirely 'eliminate' any risk of unauthorized access to European personal data by foreign governments is grounded on questionable assumptions."