Hashed & Salted | A Privacy and Data Security Update
While state-level privacy initiatives remain active, the federal privacy arena in the U.S. is heating up with the Federal Trade Commission announcing plans for privacy rulemaking this summer, and Congress making progress on a bipartisan and bicameral federal privacy bill that some commenters are hailing as breaking the party-line stalemate over the scope and reach of federal privacy law.
A discussion draft of the American Data Privacy and Protection Act was released on June 3 by the bill’s sponsors, Sen. Roger Wicker (R-Miss.), ranking member of the Senate Committee on Commerce, Science and Transportation, and Reps. Frank Pallone, Jr. (D-N.J.), chairman of the House Committee on Energy and Commerce, and Cathy McMorris Rodgers (R-Wash.), a ranking member of that committee. The draft legislation proposes a comprehensive framework that includes a set of consumer privacy rights, the ability of consumers to opt out of targeted advertising, and enhanced protections for children and teens.
Federal regulators are also focused on children’s privacy. The FTC in May released a policy statement announcing its intent to “closely scrutinize” educational technology providers and take action if those providers fail to meet their legal obligations under the Children’s Online Privacy Protection Act (COPPA). The FTC also announced it will host a virtual workshop on Oct. 19 called “Protecting Kids from Stealth Advertising in Digital Media.” The event, which is open to the public and will be webcast on the FTC’s website, will identify advertising techniques aimed at children and measures that could be implemented to protect their personal data.
At the state level, the California Privacy Protection Agency has released the draft text of the highly anticipated regulations implementing the California Privacy Rights Act (CPRA). During its June 8 board meeting, the agency voted to begin the formal rulemaking process for the regulations, initiating the 45-day period for public comment.
In our deep dives this month, partner Caroline Hudson explores the various proposed advertising technology solutions for the pending (but slow in arriving) “cookieless future” in digital advertising. In our second article, Cathy Mulrow-Peattie, of counsel with Loeb, examines the developing federal and state legislative and regulatory focus on artificial intelligence and machine learning in the U.S.
And in our team member spotlight, Eyvonne Mallett, of counsel with the Privacy, Security & Data Innovations practice, shares how her work at the Federal Deposit Insurance Corporation (FDIC) sparked her interest in the legal issues related to financial technologies, why non-fungible tokens (NFTs) have her attention at the moment, and how she came to have a favorite Slurpee flavor—you’ll have to read the spotlight to find out what it is!
In this issue
- Animal Crackers in Acronym Soup: Understanding AdTech Proposals for a Cookieless Future
- Staying Ahead of AI Regulations—What Businesses Need to Know About Current Regulatory, Legislative and Operational Trends
- Team Member Spotlight: Eyvonne Mallett
- Event Spotlight: Privacy Regulation & Policy Shifts That Will Impact Programmatic Advertising
- In Case You Missed It’: BBB National Programs’ Center Releases Roadmap for Teen Online Privacy
Much has been made of the long, slow demise of third-party cookies. Cookies and tracking tools power the digital advertising ecosystem by identifying particular web users and serving them relevant content based on their browsing behaviors. Third-party cookies also serve operational purposes, including ad campaign measurement and attribution. Now, the drumbeat of increased privacy regulation, changes in platform policies and regulatory scrutiny continue to chip away at this feature that underpins the online advertising world. Read the full alert here.
Staying Ahead of AI Regulations—What Businesses Need to Know About Current Regulatory, Legislative and Operational Trends
An increasing spotlight on artificial intelligence and machine learning (collectively, AI) in the U.S., in particular around the concern that AI causes consumer harm, such as discrimination and unconscious bias, indicates that monitoring and regulating AI is a priority for many lawmakers and regulators. Understanding the legal impacts must be a priority for all who build, use, purchase or test AI. Read the full alert here.
How did you develop your area of focus?
I worked as a senior attorney for the Federal Deposit Insurance Corporation (FDIC), one of the country’s bank regulators, during a time of tremendous growth in financial technology (fintech). While many of my colleagues were wary of fintech companies, favoring the more traditional, regulated financial institutions, I’m fascinated by emerging technologies generally, and when I was working with the FDIC, I began to see the value of fintech in the financial services space. I worked with leadership to establish a fintech team and incorporated financial technologies in our review of traditional financial institutions and other data, including incorporating artificial intelligence, machine learning and algorithms. I was responsible for negotiating the terms and conditions, privacy policies, and cybersecurity of the technology agreements for the FDIC. Leadership began to see the value of financial technologies and the intersection between financial institutions, nonfinancial institutions and fintech companies; started focusing on payment technologies, virtual currencies, blockchain, and other business-to-business and business-to-government uses; and undertook extensive research of business-to-peer transactions for the purpose of proposing forthcoming regulations.
What’s exciting you/grabbing your attention right now?
Non-fungible tokens (NFTs) are an emerging digital asset class that presents a unique set of regulatory and legal considerations. The current U.S. regulatory and legal framework is slowly catching up to the developing technology, but there are many key issues that have yet to be addressed, such as how NFTs can be categorized—commodity? security? other?—intellectual property rights, anti-money laundering and sanctions implications, cybersecurity concerns, and state laws governing virtual currencies. As the asset class matures, I’m interested in seeing how the regulations and laws evolve, and I’m excited to advise investors, financial services institutions and fintech companies on the key regulatory issues, legal concerns and potential opportunities in this space.
What’s one thing most people would be surprised to know about you?
The practice of law was not my first career. Before I decided to attend law school, I worked for 7-Eleven Corporate, where I managed a subgroup of 10 franchisee-owned 7-Eleven stores in the Washington/Baltimore region. I was responsible for opening new 7-Eleven stores and consulting with franchisees to develop and execute operational plans and strategies, including merchandising, fresh food concepts, fuel sales, guest experiences and store operational infrastructure. I established the foundation for a successful franchise by showing the franchisees how to grow sales, increase profit margins and reduce risks through coaching, support and ensuring compliance with 7-Eleven franchise agreements. And of course, I have a favorite Slurpee flavor—blue raspberry.
Jessica Lee, Chair of Loeb’s Privacy, Security & Data Innovations practice, spoke on the panel “Privacy Regulation & Policy Shifts That Will Impact Programmatic Advertising” at the IAB Tech Lab Summit on June 9. View event here.
For the first time in the United States, a business self-regulatory group has introduced a framework aimed at protecting the online privacy of teenage consumers ages 13 to 17. While the online privacy of children under age 13 is protected by COPPA, no industry guidance has focused on protecting the online privacy of teenagers—until now. The Center for Industry Self-Regulation, the BBB National Programs’ nonprofit foundation, recently unveiled the TeenAge Privacy Program Roadmap. Read the full alert here.
Sign up for our Hashed & Salted newsletter by creating an account and selecting Privacy, Security & Data Innovation as your area of interest here.