USA LAW AND PRACTICE Contributed by: Nancy Libin, David Rice, Spencer Persson, Michael Borgia, Robert Stankey, Kara Trowell and Alexander Sisto, Davis Wright Tremaine LLP
• preventing AI-related deepfakes; • preventing surreptitious and retroactive changes to privacy policies, to justify the use of personal data to train AI models; and • directing developers and deployers of AI technology to disclose in their privacy policies the sources of their training data. State General Privacy Laws State privacy and consumer protection laws also have an impact on the development and deploy - ment of AI technology to the extent that models are trained on personal information or are fine- tuned with personal information. Among others, issues that arise include: • honouring consumer requests to exercise their privacy rights when it may be difficult or even impossible to isolate personal informa - tion in an AI training database or model; • providing sufficient transparency of personal data collection and processing; • preventing undisclosed secondary uses of personal data; and • managing consumer rights with respect to automated decision-making technology that profiles consumers in connection with deci - sions that have a significant impact on them.
litigation continues, along with new collective actions that seek to use companies’ terms of service against them. Wiretapping, Pen Registers, and Tap and Trace Litigation Much of the so-called “wiretapping” litigation that became pervasive in 2024 invokes the California Invasion of Privacy Act (CIPA), which was originally enacted in the 1960s and was designed to prohibit the interception or record - ing of telephone calls without consent. Plaintiffs have brought claims under CIPA to allege that the use of third-party vendors to operate chat functions, improve website functionality or pro - vide advertising metrics to the company some - how constitutes an illegal wiretap. Plaintiffs have also claimed that a related provision designed to allow law enforcement to install pen registers or trap and trace devices on suspected criminals’ phone lines applies to any website’s procure - ment of an IP address – a far-fetched notion considering that an exchange of IP addresses is required for internet operability. Plaintiffs argue that these violations of CIPA result in statutory damages of USD5,000 per violation. While companies have had some suc - cess in defeating these claims at the pleading stage, often the cases are settled for nuisance value and before an appellate decision is issued that could foreclose the claims moving forward. One set of enterprising plaintiffs alleged that customer voice-authentication systems used by financial institutions violated CIPA’s provisions that prohibit examining or recording a person’s voiceprint or voice stress patterns to determine “the truth or falsity of statements made by such person”.
2. Privacy Litigation 2.1 General Overview
The privacy litigation landscape has expanded greatly in the past 18 months to include new theories relating to the use of third-party ven - dors to augment companies’ online presence and the collection and sharing of certain data with those vendors. These relationships have spawned new theories relating to video-viewing habits of consumers and the reinterpretation of wiretapping claims. Meanwhile, data breach
536 CHAMBERS.COM
Powered by FlippingBook