Privacy

CFA Privacy & AI Update #2 – Jan 29, 2025

 |  Blog Post

Good morning!

Welcome to the second installment of a newsletter from the Consumer Federation of America (CFA) tracking the latest news about how AI and personal data are used, abused, and regulated. The newsletter will focus on the state level, where it’s nearly guaranteed there will be a lot of legislation and regulation on these topics, which are hard to track! If you’re reading this and not subscribed, head to https://cfa.simplelists.com/ and on the list select the second from the top (“ai-privacy-updates (CFA State AI and Privacy Updates.) Every two weeks, I’ll update you on the latest regulatory developments and highlight some stories of how privacy violations and irresponsible AI use are causing harm.

If you’re not familiar with CFA, please visit our website https://consumerfed.org/ to learn more. If you work at an advocacy organization or agency focused on our issues, consider becoming a member. We have over 250 members nationwide from small local orgs to big national ones. There are very modest dues for excellent benefits including tickets to our conferences, exclusive member dialogues, and more. Learn more and apply here!

Alright – let’s get into it:

STATE AI AND PRIVACY POLICIES

  • Been a busy few weeks!
    • Earlier this week, a multistate group of legislators held a hearing on three pieces of legislation: an updated draft of the Connecticut AI Act, the Texas Responsible AI Governance Act, and a draft framework that is being designed for folks in those states to use. While the vast majority of people invited to testify were industry representatives that offered ways to weaken the policies, I was able to (along with reps from Consumer Reports, EPIC, CDT, and the AFL-CIO) illustrate some of the loopholes left in the bill and how they would disadvantage consumers. (Inside AI Policy)
    • In Massachusetts, three comprehensive privacy laws were introduced in the first few weeks of the. Here’s an analysis of the three bills from EPIC, a group heavily involved with this effort. (EPIC)
    • In Virginia, a bipartisan group of lawmakers introduced ten bills focused on imposing regulations on the data center industry. Virginia is an epicenter for data center building, and often the communities that they’re being built in pay the price both in their energy bills and in the use of their land. (Pluribus News)
    • New York passed a very strong bill that would require affirmative consent when collecting sensitive digital health information – this follows a similar model to Washington’s “My Health, My Data” act which also aims to protect the privacy of people after Dobbs was overturned. (Crain’s)
      • Virginia is beginning to do the same, with an unclear picture of how good these bills will be and if the Governor would sign it. (Privacy Daily)
    • The Vermont Attorney General is saying, in no uncertain terms, that privacy laws should have private rights of action. She is right!  (YouTube Clip From Vermont Press Conference)
  • Zooming out for another meta-analysis – the PIRG and EPIC “scorecard” analysis of privacy laws got an update released yesterday. Check it out! (EPIC/PIRG)

RELEVANT NEWS

  • More enforcement!
    • The FTC settled with General Motors over the way they collected and handled sensitive consumer data. They are agreeing not to sell driving behavior data for 5 years. (The New York Times)
    • The FTC announced a criminal referral to the Department of Justice about Snap’s MyAI (read more about it if you’d like) for privacy harms to children. (FTC)
  • Everyone is talking about DeepSeek! If you’re interested, rather than add my two (or realistically like fifteen) cents, here are my favorite reads — a great zoom out from journalist Karen Hao (LinkedIn), a comparative take on privacy concerns and exceptionalism from Ravit Dotan (LinkedIn) and a take from Lina Khan (summarized here). Hope it shines a light on how dangerous the way US AI firms are operating.
  • In his final days, even amidst a warning about tech oligarchs in his farewell address, Former President Biden published an Executive Order offering up federal lands for data centers to help speed up AI projects. (The Verge). A few weeks later, substantially more federal support for AI was announced in the form of Project Stargate (announced by Trump and Open AI CEO Sam Altman). This is not great. (OpenAI)

If you know anyone who might like this, encourage them to sign up here.

Thanks so much for reading,