On May 17, 2024, Colorado Governor Jared Polis signed, “with reservations,” Senate Bill 42-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act). The first of its kind in the United States, the Act takes effect on February 1, 2026, and requires artificial intelligence (AI) developers, and businesses that use high-risk AI systems
consumer protection
FCC Proposes Probe into AI in Robocalls
Federal Communications Commission Chair Jessica Ronsenworcel recently announced a proposed directive to focus the FCC on AI’s burgeoning role in scam calls, particularly those targeting the elderly. The proposal will be presented at the November 15 commission meeting and would direct research into the strengths and weaknesses of generative AI, the role that AI plays…
Investigative Sweep of Employers’ CCPA Compliance by the California Attorney General
The California Attorney General recently announced an initiative to investigate employers’ non-compliance with the California Consumer Privacy Act/California Privacy Rights Act (collectively the CCPA).
At the beginning of this year, the CCPA’s disclosure requirements and consumer rights provisions became applicable to job applicants, employees (and their beneficiaries), and independent contractors. Now, the California AG’s office…
Class Action Filed Against Blackhawk Network for Failure to Secure Consumer Data Leading to Breach
A 34-page class action was filed against Blackhawk Network for a data breach that occurred on MyPrepaidCenter.com in September of this year. The plaintiffs allege that Blackhawk Network’s failure to prevent or detect this incident was “particularly egregious” since it operates a website where consumers can activate and manage prepaid gift cards, which requires collection…
Class Action Against Shopify Dismissed for Lack of Jurisdiction
The U.S. District Court for the Northern District of California dismissed a consumer class action against Ledger SAS’s e-commerce vendor Shopify Inc. because of its locale – Shopify is headquartered in Ottawa, Canada. Judge Edward M. Chen said in his decision earlier this week that the plaintiffs failed to satisfy their burden to demonstrate that…
Last Two States Considering Passage of Data Breach Notification Laws
The last two states which have not passed data breach notification laws are Alabama and South Dakota. Sometimes we make jokes about these states as they are so late to the data breach notification table (California was the first state to pass a data breach notification law in 2002) and they seem not to care…