Month: October 2023

And the moves toward state-level AI regulation go far beyond government usage. Overall, 10 states have already incorporated AI regulations as part of larger consumer privacy laws that either passed or will go into effect this year, according to the nonprofit Electronic Privacy Information Center, which recently published a report outlining every state-level AI law proposed, passed, and going into effect. These laws target a varied set of issues, addressing facial recognition, the use of AI for hiring, and the right to opt out of various automated decisions, among others. States including California, New York, Massachusetts, Rhode Island, and Pennsylvania have also recently proposed bills regulating generative AI in particular. 

Read more here.

In comments submitted this week to the U.S. Senate Committee on Health, Education, Labor, and Pensions (HELP), EPIC urged the Committee to address the “unique and serious privacy and security risks” posed by the commercial processing of personal health data.

Responding to the Committee’s recent request for information, EPIC advised the Committee to embrace strict data minimization requirements for personal health data, a category which can often extend to location data, biometric data, and genetic information. Additionally, where health data or patient information is covered by HIPAA, EPIC called for heightened safeguards—and in some cases a strict prohibition—on the disclosure of that data to law enforcement.

EPIC has advocated for stronger privacy protections both under HIPAA and in contexts that fall outside of HIPAA. Recently, EPIC encouraged the FTC to expand the Health Breach Notification Rule and applauded the Department of Health and Human Services for its efforts modify the HIPAA Privacy Rule to strengthen reproductive health privacy.