I haven’t covered legislation and felt it was worth revisiting.
More state-level privacy laws, too – Tennessee has passed one too. I’ve linked to the International Association of Privacy Professionals, who give some perspective on the coming red wave of laws. Quote From Iowa to Indiana, Tennessee to Montana, and with Texas not far behind, the trend gets clearer every week: 2023 is bringing a red wave of state privacy laws.
Washington state has passed a law requiring consent before companies collect health data. Under Washington’s new law, which comes into effect in March 2024, medical apps and sites must ask a user for permission to collect their health data in a nondeceptive manner that “openly communicates a consumer’s freely given, informed, opt-in, voluntary, specific, and unambiguous written consent.” The site and apps must also disclose what kind of data they plan to collect and if they plan to sell it.
In Utah, the legislature passed SB287 back in March. That creates liability for porn sites that make their content available to people under 18. Earlier this month, Pornhub blocked Utah-based IP addresses and showed users a message expressing opposition. Virginia’s governor signed a similar bill into law last Friday. Louisiana and Arkansas already had laws in place.
I want to pair that with a Verge piece on the problems here.
The Congressional Research Service (CRS) has expressed concerns about online age verification. In a report it updated in March, the US legislature’s in-house research institute found that many kids aged 16 to 19 might not have a government-issued ID, such as a driver’s license, that they can use to verify their age online. While it says kids could use their student ID instead, it notes that they may be easier to fake than a government-issued ID. The CRS isn’t totally on board with relying on a national digital ID system for online age verification, as it could “raise privacy and security concerns.”
While we’re on state-level banning, Montana has become the first state to ban TikTok. It demands that mobile app stores make the app unavailable for Montana residents. The bill is written such that it penalizes app stores for “the option to download” but doesn’t state the liability for already downloaded apps. It’s set to be effective January 1, 2024.
Congress passed four bills at the federal level to give CISA new responsibilities for safeguarding open-source software. I’ll note the Senate’s requirement for CISA to create a pilot civilian cyber reserve program to respond to incidents and the House’s requirement for CISA to work with open source to secure it better.
Why do we care?
Wonder what a patchwork of unenforceable laws looks like? Here it is. Take a moment and consider how to enforce these practically. The obvious problem here is that every provider and their customers must now adapt services and practices to accommodate. Beyond that, how do you feel about the internet becoming different in different US states? That question is quickly becoming a reality. I’m not entirely convinced these will pass legal muster, recognizing I’m no lawyer.