Major Data Privacy and AI Laws Taking Effect in July 2024: What You Need to Know
July 2024 will mark a significant milestone for data privacy and AI governance in the U.S., with several new laws coming into effect. These laws are set to further transform the landscape of digital rights and technology regulation. Here’s a detailed overview of the upcoming changes that your organization should take notice of.
In this Article:
- Florida Digital Bill of Rights (FDBR)
- Texas Data Privacy and Security Act (TDPSA)
- Oregon Consumer Privacy Act (OCPA)
- Colorado Privacy Act (CPA)
- Louisiana’s Social Media Law
- California’s AI Regulations
- Federal Trade Commission (FTC) Guidelines
- EU AI Act: Global Influence
Florida Digital Bill of Rights (FDBR)
Starting July 1, 2024, the FDBR introduces stringent data privacy requirements for businesses operating in Florida. This law applies primarily to large companies with over $1 billion in annual revenue. Key provisions include:
- Consumer Rights: Businesses must offer mechanisms for consumers to opt out of data collection via voice and facial recognition technologies.
- Children’s Privacy: Enhanced protections for online services targeting children, mandating clear disclosures and parental consent mechanisms.
Texas Data Privacy and Security Act (TDPSA)
Effective July 1, 2024, the TDPSA imposes comprehensive privacy obligations on businesses operating in Texas. Significant aspects include:
- Data Protection Assessments: Companies must conduct regular assessments to evaluate their data protection measures.
- Opt-In Consent: Required for processing sensitive personal information, such as biometric data.
- Universal Opt-Out Mechanisms: Businesses must honor universal opt-out signals from consumers by January 1, 2025.
Oregon Consumer Privacy Act (OCPA)
This law, also effective from July 1, 2024, mandates several consumer rights, including access, correction, deletion, and the ability to opt out of personal data processing. Additionally, it requires explicit consent for handling sensitive data. Key aspects include:
- Broad Definition of Personal Data: The OCPA has a broad definition of personal data, including any information that is linked or reasonably linkable to an identified or identifiable individual. This includes pseudonymous data if it can be linked to an individual without unreasonable effort.
- Prohibition on Discrimination: Businesses are prohibited from discriminating against consumers who exercise their rights under the OCPA. This means they cannot deny goods or services, charge different prices, or provide a different level of quality based on the exercise of consumer rights.
- Third-Party Obligations: The law imposes specific obligations on third-party processors, requiring them to adhere to the instructions of the data controller and assist in meeting compliance obligations.
Colorado Privacy Act (CPA)
The act’s new provisions, effective from July 1, 2024, enforce universal opt-out mechanisms and necessitate consent for processing sensitive information retrospectively.
Louisiana’s Social Media Law
Effective July 1, 2024, Louisiana will enforce a new social media law aimed at protecting minors online. Authored by Senator Patrick McMath, the law requires minors to obtain parental consent before creating social media accounts. Key aspects of this legislation include:
- Parental Permission: Minors under 16 must have parental approval to open social media accounts. Parents will have access to their child’s account to monitor posts, messages, and interactions.
- Age Verification: Social media companies must make “commercially reasonable efforts” to verify the ages of users in Louisiana. This could involve stringent age verification methods, raising potential privacy concerns.
- Parental Access: Parents who provide consent will receive tools to monitor and control their child’s social media activity, including viewing all posts and messages.
- Aimed at Child Protection: The law is a response to rising concerns about child mental health issues, cyberbullying, addiction, and data collection by social media platforms.
This law aims to enhance the safety of minors online by involving parents more directly in their children’s digital activities and ensuring that social media platforms take extra steps to verify user ages and protect young users from potential online harm.
California AI Regulations
In April 2024, the California Privacy Protection Agency (CPPA) announced plans to post a Notice of Proposed Rulemaking around July 2024 for the California Consumer Privacy Act (CCPA). The CPPA aims to finalize the rules within one year, which would allow them to be enforceable by July 2025. During this time, the public will have at least 45 days to comment on the proposed regulations. In the meantime, let’s look at CCPA legislation that is relevant to AI regulations today:
- Consumer Rights Impacting AI
Right to Know: Consumers have the right to know what personal information is being collected, the sources of the information, the purposes for collection, and the third parties with whom the information is shared. This includes data used for AI and automated decision-making.
Right to Delete: Consumers can request the deletion of their personal information, which affects the data available for AI training and decision-making processes.
Right to Opt-Out: Consumers have the right to opt out of the sale or sharing of their personal information, limiting the data that can be used for AI purposes.
Right to Correct: Consumers can request the correction of inaccurate personal information, ensuring that AI systems rely on accurate data.
- Automated Decision-Making Technology and Profiling
The CPRA defines “profiling” as any form of automated processing of personal data to evaluate, analyze, or predict aspects concerning an individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Consumers have the right to request meaningful information about the logic involved in automated decision-making processes, including profiling, and to understand the likely outcome or consequences of such processing.
- Sensitive Personal Information
The CPRA introduces stricter regulations on the use of sensitive personal information, which includes data used in AI systems for profiling or automated decision-making. Consumers can limit the use and disclosure of their sensitive personal information.
- Transparency and Disclosure
Businesses must disclose their data processing activities, including the use of personal information for automated decision-making technologies. This includes providing detailed information in privacy policies about how AI and profiling technologies are used.
- Enforcement and Compliance
The CPPA (California Privacy Protection Agency) has the authority to issue guidelines and regulations to clarify and operationalize the requirements related to automated decision-making and profiling, ensuring businesses adhere to these standards.
Key Implications for AI that the CCPA will enforce:
- Transparency in automated decision-making processes
- Enhanced consumer control over personal data used for AI systems
- Stricter regulations on sensitive personal information
While the CCPA is not exclusively focused on AI, its provisions on data transparency, consumer rights, and protection of sensitive personal information indirectly regulate the use of AI technologies in California.
Federal Trade Commission (FTC) Guidelines
The FTC will introduce guidelines targeting the ethical use of AI, emphasizing the prevention of deceptive practices. These guidelines aim to:
- Accountability: Ensure companies provide clear disclosures about AI’s use.
- Fairness: Prevent discriminatory and unfair use of AI technologies.
EU AI Act: Global Influence
While not specific to the US, the EU AI Act, formally known as the Artificial Intelligence Act, is a landmark regulatory framework proposed by the European Union to govern the development, commercialization, and deployment of artificial intelligence technologies. Its potential global influence can be understood through several key aspects:
- High Standards and Compliance: The EU has a history of setting global standards through its regulations, such as the General Data Protection Regulation (GDPR). Companies operating globally often adopt EU standards to ensure compliance across all markets, potentially leading the EU AI Act to become a de facto global standard.
- Risk-based Approach: The Act categorizes AI systems into different risk levels (unacceptable, high, limited, and minimal) with corresponding regulatory requirements, creating a comprehensive and nuanced framework that other jurisdictions may adopt or adapt.
- Access to EU Market: Companies wishing to operate in the lucrative EU market will need to comply with the AI Act. This could incentivize global companies to align their AI practices with the Act, influencing AI development and deployment standards worldwide.
- Trade Agreements: The EU may incorporate AI Act compliance into its trade agreements, further extending its influence. Trading partners might adopt similar regulations to facilitate smoother trade relations with the EU.
- Ethical AI Development: The AI Act emphasizes ethical AI development, focusing on transparency, accountability, and human rights. This emphasis could steer global AI practices towards more ethical and human-centric approaches.
- Technological Innovation: By setting clear rules, the Act could foster innovation in AI technologies that are safe, reliable, and trustworthy, encouraging other regions to follow suit to stay competitive.
- Regulatory Influence: The EU’s regulatory approach can serve as a counterbalance to the more laissez-faire approaches of the US or the state-driven approaches of China. This regulatory influence can shape global AI governance and policy discussions.
- Cooperation and Collaboration: The Act may lead to increased international cooperation on AI standards and governance, promoting a more harmonized global approach to AI regulation.
- Implementation Complexity: The global influence of the AI Act could face challenges due to the complexity of implementing and enforcing these regulations across different jurisdictions with varying technological and regulatory landscapes.
- Innovation Constraints: Critics argue that stringent regulations might stifle innovation. Balancing regulation with fostering innovation will be crucial for the Act’s global acceptance and influence.
- Benchmark for Future Legislation: The AI Act could serve as a benchmark for future AI legislation worldwide, influencing how other countries draft and implement their AI regulations.
- Shaping AI Governance: The EU AI Act’s principles and frameworks might shape the discourse on AI governance, contributing to the development of international norms and standards.
Overall, the EU AI Act has the potential to significantly influence global AI regulation by setting high standards, fostering ethical AI development, and shaping international regulatory landscapes. Its impact will largely depend on how other regions respond and adapt to these new regulatory benchmarks.
Implications for Businesses and Consumers
These upcoming regulations signify a shift towards more stringent oversight of both data privacy and AI technologies. For businesses, this means a need to:
- Revise Compliance Strategies: Conduct thorough gap analyses and implement necessary changes to comply with new state-specific laws.
- Enhance Transparency: Clearly disclose data and AI practices to consumers.
- Strengthen Data Protection: Implement robust data protection assessments and consent mechanisms.
For consumers, these laws promise greater control over personal data and more transparency regarding how AI impacts their daily lives. The enhanced protections are aimed at building trust and safeguarding privacy in an increasingly digital world.
Conclusion
The data privacy and AI laws coming into effect in July 2024 represent a critical evolution in technology regulation. As states like Florida, Texas, Oregon, Colorado, and Louisiana introduce new protections, and as California and the FTC set the stage for AI governance, businesses must navigate these changes diligently. This new regulatory landscape underscores the importance of transparency, accountability, and consumer rights in the digital age.