On March 31, 2024, Washington State’s groundbreaking My Health My Data Act (MHMDA) became legally enforceable, signaling a monumental shift in online health-related privacy laws that extend beyond HIPAA. This move has far-reaching implications not only for Washington residents but also for businesses across various sectors that handle consumer health data (CHD). The act redefines CHD to encompass a vast array of personal information including health conditions, treatments, biometric data, and even social and psychological information, necessitating sweeping compliance measures from companies operating in the state.
MHMDA mandates that companies must now obtain explicit opt-in consent before collecting CHD, a significant departure from previous laws like CCPA which only required an opt-out mechanism. This shift imposes technical challenges, particularly in implementing real-time consent tools that continuously monitor and manage data collection. Failure to comply with these regulations could expose companies to lawsuits under the law’s private right of action clause, a scenario reminiscent of the Video Privacy Protection Act’s impact on organizations.
The legislation also restricts geofencing practices and location-based tracking, presenting a conundrum for businesses like grocery stores with pharmacies that rely on such technologies for marketing. Furthermore, companies must safeguard open text fields on forms to prevent unauthorized data collection, highlighting the law’s intricate and comprehensive nature. These protective measures are crucial for businesses to avoid litigation and ensure compliance as they navigate this new legal landscape.
Concurrently, the U.S. Senate has passed two pivotal bills aimed at bolstering online privacy and safety, particularly for children and teens. The Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) represent significant legislative efforts to enhance digital protections for minors. KOSA seeks to establish a duty of care for tech companies, holding them accountable for content that could harm children’s mental health. This bill has garnered support for addressing issues such as cyberbullying and internet addiction but faces criticism over potential over-censorship and political misuse.
Sen. Ron Wyden, D-Ore., a notable critic, argues that KOSA could empower future administrations to impose restrictive measures on information related to LGBTQ and reproductive health, reflecting broader concerns about the bill’s long-term implications. Despite these criticisms, the bill enjoys robust support from children’s advocacy groups and mental health organizations, emphasizing its potential to curb harmful online practices.
COPPA 2.0 updates the original 1998 law by extending privacy protections to include children up to 17 years old, prohibiting data collection without consent and banning targeted advertising to minors. This legislation aims to close existing loopholes and adapt to technological advancements in biometric data collection. However, it too faces opposition from tech industry groups and privacy advocates who argue that the measures could disrupt current business models and hinder internet functionality.
In a parallel effort, Reps. Jake Auchincloss (D-MA) and Ashley Hinson (R-IA) have introduced the Intimate Privacy Protection Act. This bill seeks to combat cyberstalking, intimate privacy violations, and digital forgeries by imposing a duty of care on tech platforms. The act responds to rising concerns over AI-generated deepfakes and other digital threats, ensuring that platforms take necessary steps to prevent and address these violations. Both Auchincloss and Hinson emphasize that tech companies should not evade responsibility for harmful content using Section 230 as a shield.
As lawmakers continue to grapple with the complexities of digital privacy and safety, these legislative initiatives underscore a concerted effort to adapt legal frameworks to the evolving technological landscape. Companies must stay vigilant and proactive in compliance to navigate these regulatory changes and protect consumer interests.
News Sources
- How Companies Can Comply With The My Health My Data Act
- What will KOSA and COPPA 2.0 do? Controversial bills explained
- Lawmakers want to carve out intimate AI deepfakes from Section 230 immunity
- The Senate is set to pass KOSA. Big Tech is ready for a court fight
- Senate passes KOSA, the landmark bill aiming to protect kids online
Assisted by GAI and LLM Technologies
Source: HaystackID
