Healthcare and Privacy News

on July 18, 2025 at 9:46 am

IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy and AI governance developments in the nation’s capital and around the U.S. This week, he analyzes the latest California Department of Justice’s latest California Consumer Privacy Act settlement, drawing parallels with U.S. Federal Trade Commission cases and exploring the importance of purpose limitation under the CCPA.Full story

on July 18, 2025 at 9:39 am

The U.S. District Court for the District of Columbia found the White House’s removal of Federal Trade Commissioner Rebecca Kelly Slaughter was illegal, The New York Times reports. The attempted expulsion challenged longstanding precedent where a president can only remove the heads of independent federal agencies under narrow criteria. According to Judge Loren AliKhan, the White House’s decision “was unlawful and without legal effect” and Slaughter’s job protections “remain constitutional.” A White House spokesman said the administration will appeal.Full story

on July 18, 2025 at 9:17 am

Understanding the challenges and evolving risk landscape around agentic AI can help organizations prepare effectively, enabling them to gain the full benefits of a given deployment. HCLTech Vice President and Head of Office of Responsible AI and Governance Heather Domin, AIGP, outlines the specific risks in play and the potential guardrails to address them.  Full story

on July 18, 2025 at 9:10 am

ABC News reports U.S. Immigration and Customs Enforcement has been given access to Medicaid data by the White House, with the aim of helping identify and find people who have entered the country illegally. Meanwhile, ABC News also reports the U.S. Department of Justice is asking states for voter information.Full story

on July 18, 2025 at 8:30 am

The European Commission published final guidelines for providers of general-purpose AI models before requirements under the AI Act take force 2 Aug. The guidelines feature definitions for key terms, a pragmatic approach for providers and exemptions for open-source developers. Meanwhile, Euractiv reports Meta announced it will not sign onto the voluntary GPAI Code of Practice, which complements the new guidelines.Full story

on July 18, 2025 at 8:22 am

Join the IAPP for a LinkedIn Live 23 July unpacking the next steps for implementation of the U.K. Data (Use and Access) Act. U.K. Government Department for Science, Innovation and Technology Data Protection Policy Team Leader Robin Edwards and IAPP Research and Insights Director Joe Jones will examine key provisions, as well as what elements may require subsequent commencement regulations.Full story

on July 18, 2025 at 8:20 am

IAPP Managing Director, Europe, Isabelle Roccia, CIPP/E, writes Europe’s payment regulatory landscape is complex and intersects with digital responsibility topics at various junctures. It is also evolving at a rapid pace. She discusses a 2025 report from the trade association Payments Europe and the EU’s financial data access and payments package, which includes the updated Payment Services Directive and Payment Services Regulation that could become applicable in 2026.Full story

on July 18, 2025 at 8:15 am

Lionheart Squared Director and cofounder Karima Saini, CIPP/E, CIPP/US, CIPM, CIPT, FIP, broke down the implications of new EU digital laws with extraterritorial obligations for foreign companies to establish an EU presence. Saini explains those that do not appoint EU-based representation may face delays to launch services within the bloc or face scrutiny from multiple regional and ancillary authorities.Full story

on July 18, 2025 at 8:01 am

Denmark Minister of Digital Affairs Caroline Stage Olsen said her country and five others will be working on a national age verification system alongside the European Commission. She said any solution will be easy for large online platforms to adopt, arguing they have plenty of resources to adapt their products.Full story

on July 18, 2025 at 8:00 am

Privacy Commissioner of New Zealand Michael Webster is urging residents to strengthen user passwords to protect online accounts and personal information. Webster advised that using a password manager and creating unique logins can deter hackers and prevent password spraying, which is when one password is tried on several different accounts after gaining access.Full story

on July 18, 2025 at 8:00 am

The Centre for Information Policy Leadership announced U.K. Information Commissioner’s Office Executive Director of Regulatory Risk Stephen Almond will join the think tank in September at the conclusion of his time with the ICO. He will serve as the vice president of policy and consulting.Full story

on July 18, 2025 at 7:01 am

As part of its 25th anniversary, the IAPP celebrates 25 trailblazing innovators and 25 defining moments in the last quarter century that helped establish the privacy and digital governance profession. This week, we look back at the U.S. Federal Trade Commission’s 2019 privacy settlement with Meta’s Facebook, which brought a record-setting USD5 billion fine and unique corrective measures.Full story

on July 17, 2025 at 12:54 pm

The Wall Street Journal reports the shareholders who brought a massive USD8 billion privacy lawsuit against members of the former board of directors of Facebook have reached a settlement. High-profile defendants, including CEO Mark Zuckerberg, former Chief Operating Officer Sheryl Sandberg and former board director Marc Andreessen, were slated to testify Thursday in Delaware’s chancery court. Plaintiffs alleged the board did not ensure Facebook protected its users’ data from access by Cambridge Analytica, which led to a record USD5 billion fine by the U.S. Federal Trade Commission in 2019. “The trial would have been a test of corporate rights in Delaware,” the report states. The terms of the deal have not yet been disclosed.Full story

on July 17, 2025 at 10:28 am

The European AI Office published details for participation in the recently finalized General-Purpose AI Code of Practice. The office said signatories will “enjoy streamlined compliance with the obligations for general-purpose AI models in the AI Act,” which take effect 2 Aug. Additionally, the European Commission’s enforcement of participants’ GPAI practices will focus on “monitoring their adherence to the code, which offers greater predictability and reduced administrative burden.” Meanwhile, two Members of European Parliament said they welcomed the completion of the code and encouraged companies to sign on as an act of good faith.Full story

on July 17, 2025 at 9:06 am

The U.K. AI Security Institute joined with representatives of the International Network of AI Safety Institutes, including Australia, Canada, the EU, Japan and Singapore, to align their policies regarding evaluations of agentic AI systems. The joint exercise explored agentic risks, such as sensitive data leakage and how effective agentic models are at evaluating other AI agents’ performances and if their performances vary depending on language. Editor’s note: HCLTech Vice President and Head of Office of Responsible AI and Governance Heather Domin, AIGP, examined the agentic AI governance landscape.Full story