Artificial intelligence (AI) has become a prominent topic in the privacy sphere. In 2024, state and federal privacy regulators are expected to play a crucial role in shaping AI policy development. California, for instance, has proposed rules that go beyond existing regulations, providing enhanced notice, opt-out, and access rights for residents when businesses use automated decision-making technology (ADMT). Federal agencies like the Federal Trade Commission (FTC) and the U.S. Department of Justice (DOJ) have also emphasized the application of existing legal authorities to AI use. The Biden administration's executive order further highlights the need for federal agencies to implement rules and guidance related to AI and privacy concerns.
Children's privacy continues to be a significant focus in the privacy landscape. The Federal Trade Commission (FTC) has proposed changes to the Children's Online Privacy Protection Rule (COPPA Rule) that would impose new restrictions on businesses collecting personal information from children under 13. Additionally, several state laws related to children's privacy, such as age verification and content moderation, will face court rulings in 2024. These court decisions will determine the enforceability of similar laws in other states and potentially influence future legislation.
Health data privacy remains a key area of regulatory focus and potential class action litigation. The FTC has taken enforcement actions against health-related apps and services under the Health Breach Notification Rule (HBNR). Washington's My Health My Data Act (MHMDA), which specifically targets the collection, storage, and transfer of consumer health data, is set to come into effect in 2024. The broad private right of action provided by the MHMDA is likely to lead to significant litigation.
The plaintiffs' bar is expected to continue filing privacy lawsuits in 2024. Lawsuits under state wiretapping laws and allegations of violations of biometric privacy laws are likely to persist. Companies should anticipate aggressive action from plaintiffs using new tools provided by state laws and regulations.
By the end of 2024, nine U.S. states will have comprehensive privacy laws in effect. Texas, Florida, Oregon, and Montana will be among the states where new privacy laws come into effect. These states will join California, Virginia, Colorado, Connecticut, and Utah, which already have comprehensive privacy laws. Enforcement actions under existing state privacy laws are expected to increase in 2024.
Fintech companies may face new privacy requirements in 2024. The Consumer Financial Protection Bureau (CFPB) has proposed rules on "Personal Financial Data Rights" and the expansion of the Fair Credit Reporting Act (FCRA) to include data aggregators. These rules, if finalized, will add complexity to privacy and data security obligations for tech companies operating in the open banking space.
Regulators will continue to focus on the regulation of facial recognition and biometric data. The FTC has outlined practices it considers unfair regarding the collection and use of biometric information. This indicates a shift towards regulating businesses' use of biometric information beyond notice and consent.
Data brokers will be subject to new requirements as regulators take action. The Consumer Financial Protection Bureau has issued a Request for Information regarding data brokers, and several states have enacted data broker registration laws. California, in particular, has implemented the Delete Act, which regulates the data broker industry and provides consumers with a one-stop mechanism for data deletion requests.
The FTC is expected to propose a privacy rule in 2024. This rule, if finalized, would apply across most sectors of the U.S. economy, contributing to a more comprehensive privacy framework.
New breach notification requirements will come into effect in 2024. These requirements will enhance the obligations of businesses to promptly notify individuals of data breaches, ensuring transparency and accountability in the event of a security incident.
As we look ahead to 2024, it is clear that privacy regulation will continue to evolve and impact businesses and individuals. Organizations must stay informed about these developments and ensure compliance to protect their customers' data and maintain trust in an increasingly data-driven world.
Disclaimer: This article is for informational purposes only and does not constitute legal advice. Organizations should consult legal professionals to understand their specific legal obligations and compliance requirements.
Join 1000+ Advertisers, Digital Marketers and Agency Owners
Who Are Saving 30% Per Month on all digital advertising
Audit your ad spend and ensure 100% data accuracy & integrity
Register Free ⮕