{"id":5417,"date":"2022-09-27T12:53:14","date_gmt":"2022-09-27T12:53:14","guid":{"rendered":"https:\/\/revolutionsincommunication.com\/law\/?page_id=5417"},"modified":"2026-01-12T16:19:26","modified_gmt":"2026-01-12T16:19:26","slug":"digital-privacy","status":"publish","type":"page","link":"https:\/\/revolutionsincommunication.com\/law\/digital-privacy\/","title":{"rendered":"Digital privacy"},"content":{"rendered":"<p><iframe loading=\"lazy\" title=\"YouTube video player\" src=\"https:\/\/www.youtube.com\/embed\/B4jNttRvbpU?si=YwNItTv16x8dfalm\" width=\"460\" height=\"315\" frameborder=\"0\" align=\"right\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>Deepfakes \u2014 false digital depictions \u2014 can harm a person\u2019s privacy and reputation, and also pose a risk to broader society. While some may be harmless, others may involve substitution of identities in pornographic video, election interference, foreign social influence campaigns, or identity theft in corporate fraud. This was identified as a problem as early as 2021, in a <a href=\"https:\/\/www.documentcloud.org\/documents\/20509703-fbipin-3102021\">Private Industry Notification by the FBI<\/a>.<\/p>\n<p><a href=\"https:\/\/www.nytimes.com\/2025\/08\/20\/opinion\/amy-klobuchar-deepfakes.html\">A July, 2025, deepfake video<\/a> of US Senator Amy Klobuchar (D-Minn) raised hackles on both sides of the aisle. 
The video, an absurd critique of an ad campaign for jeans featuring Sydney Sweeney, depicted Klobuchar using the phrase \u201cperfect titties\u201d and lamenting that Democrats were \u201ctoo fat to wear jeans or too ugly to go outside.\u201d Klobuchar said: &#8220;There was no getting around the fact that it looked and sounded very real.&#8221; TikTok took it down and Meta labelled it, but X (Twitter) refused to take it down or even label it as manipulative or deceptive, contrary to its user policies, Klobuchar said.<\/p>\n<p>In April of 2025, Klobuchar, Ted Cruz (R-Tx) and others introduced a &#8220;<a href=\"https:\/\/www.klobuchar.senate.gov\/public\/index.cfm\/2025\/4\/klobuchar-coons-blackburn-and-colleagues-reintroduce-bipartisan-no-fakes-act\">No Fakes Act<\/a>&#8221; designed to &#8220;protect Americans&#8217; voice and likeness and combat the proliferation of AI deepfakes.&#8221; The bill would:<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">Create a property right in a person\u2019s AI-generated digital replica;<\/li>\n<li dir=\"ltr\" aria-level=\"1\">Hold individuals or companies liable if they produce an unauthorized digital replica of an individual;<\/li>\n<li dir=\"ltr\" aria-level=\"1\">Establish a notice-and-takedown process so victims of unauthorized deepfakes have an avenue to get online platforms to take down the deepfake;<\/li>\n<li dir=\"ltr\" aria-level=\"1\">Exclude certain digital replicas from coverage based on recognized First Amendment protections;<\/li>\n<li dir=\"ltr\" aria-level=\"1\">Largely preempt State laws addressing digital replicas to create a workable national standard.<\/li>\n<\/ul>\n<p><span style=\"color: #444444;\"><a href=\"https:\/\/www.eff.org\/deeplinks\/2025\/06\/no-fakes-act-has-changed-and-its-so-much-worse\">Critics say the bill is overly broad<\/a> and does not protect legitimate speech such as parody and satire. 
A better approach would be to give people targeted tools to protect against harmful misrepresentations, and not create a new federal copyright system.\u00a0<\/span><\/p>\n<p><em><strong>Similar state privacy protection in Virginia and California<\/strong><\/em><\/p>\n<p>California and Virginia have taken the lead on digital privacy, but the US laws fall far short of the EU&#8217;s Digital Services Act.<\/p>\n<p><strong> <a href=\"https:\/\/www.workplaceprivacyreport.com\/2020\/11\/articles\/california-consumer-privacy-act\/california-passes-prop-24-here-comes-ccpa-2-0\/\">California&#8217;s Privacy Rights Act<\/a> <\/strong>(CPRA) provides a private right to bring lawsuits (right of action) against creators of nonconsensual deepfake pornography and outlaws manipulated video of politicians within 60 days of an election.<\/p>\n<p>The CPRA also expands on the protections provided by an earlier version of the CCPA and was <a href=\"https:\/\/www.workplaceprivacyreport.com\/2020\/11\/articles\/california-consumer-privacy-act\/california-passes-prop-24-here-comes-ccpa-2-0\/\">approved by California voters<\/a>\u00a0under Proposition 24 in the November 2020 election.<\/p>\n<p><strong>The <a href=\"https:\/\/www.natlawreview.com\/article\/virginia-passes-consumer-privacy-law-other-states-may-follow\">Virginia Consumer Data Privacy Act<\/a><\/strong> (VCDPA), passed in 2021, has provisions like Europe&#8217;s GDPR and the CPRA.<\/p>\n<p>Under the new laws, California and Virginia residents are protected from inaccurate data storage and collection:<\/p>\n<ul>\n<li><b> \u201cSensitive personal information\u201d<\/b> such as social security number, driver license number, and financial account number, also racial or ethnic origin, religious beliefs, union membership, the contents of a consumer\u2019s email and text messages (unless the business is an intended recipient), genetic data and sexual 
orientation.<\/li>\n<li><b>New rights for consumers: <\/b>Consumers will have the right to request limitations on the use and disclosure of that information and to ask businesses to correct inaccurate personal information maintained by a business.<\/li>\n<li><b>Enhanced protections for children\u2019s data.\u00a0<\/b>The CPRA triples fines for collecting and selling information of minors under 16 years of age.<\/li>\n<li><b>Adds data retention requirement.<\/b>\u00a0Prohibits businesses\u2019 retention of personal information or sensitive personal information for longer than reasonably necessary for the disclosed purpose for which the information was collected.<\/li>\n<li><b>Adds a specific data security requirement.\u00a0<\/b>Prior to the CPRA, the CCPA did not expressly require businesses to maintain reasonable safeguards to protect personal information, although it added a private right of action for data breaches caused by a failure to maintain reasonable safeguards. The CPRA expressly requires businesses to implement reasonable security procedures and practices to protect personal information from unauthorized or illegal access, destruction, use, modification, or disclosure in accordance with Cal. Civ. Code 1798.81.5.<\/li>\n<li><strong>Data Protection Assessments.<\/strong> The VCDPA imposes a new requirement for controllers: data protection assessment obligations (as mentioned above regarding sensitive data). Controllers must conduct data protection assessments for specific processing activities involving personal data. 
These activities include targeted advertising, sale of personal data, profiling, sensitive data, and data that presents a heightened risk of harm to consumers.<\/li>\n<\/ul>\n<h3>Data privacy in the EU<\/h3>\n<p><a href=\"https:\/\/www.accessnow.org\/cms\/assets\/uploads\/2018\/07\/GDPR-User-Guide_digital.pdf\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-5492\" src=\"https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2022\/10\/Screen-Shot-2022-10-31-at-4.39.36-PM.png\" alt=\"\" width=\"347\" height=\"290\" srcset=\"https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2022\/10\/Screen-Shot-2022-10-31-at-4.39.36-PM.png 1376w, https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2022\/10\/Screen-Shot-2022-10-31-at-4.39.36-PM-300x251.png 300w, https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2022\/10\/Screen-Shot-2022-10-31-at-4.39.36-PM-1024x856.png 1024w, https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2022\/10\/Screen-Shot-2022-10-31-at-4.39.36-PM-768x642.png 768w, https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2022\/10\/Screen-Shot-2022-10-31-at-4.39.36-PM-800x669.png 800w\" sizes=\"auto, (max-width: 347px) 100vw, 347px\" \/><\/a><\/p>\n<p>The European Union began enacting digital data privacy regulations in the 1990s and finalized a systematic legal approach in March 2014 with the General Data Protection Regulation.<\/p>\n<p>Three other sweeping regulations were enacted in the 2023-2024 period: the <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/digital-services-act\">Digital Services Act<\/a>, the <a href=\"https:\/\/digital-markets-act.ec.europa.eu\/index_en\">Digital Markets Act<\/a>, and the <a href=\"https:\/\/artificialintelligenceact.eu\/\">Artificial Intelligence Act<\/a>.<\/p>\n<p><strong>GDPR:<\/strong> The GDPR&#8217;s primary aim is to enhance individuals&#8217; control and 
rights over their personal data and to simplify the regulatory environment for international business.\u00a0 The GDPR also establishes lawful ways to collect information and provides data protection and security guidelines, as well as an individual right of informed consent, access and correction.<\/p>\n<p>The EU General Data Protection Regulation (<a href=\"https:\/\/gdpr.eu\/what-is-gdpr\/\">GDPR<\/a>) governs how personal data of individuals in the EU may be processed and transferred. It went into effect on May 25, 2018.\u00a0 \u00a0It&#8217;s a comprehensive privacy policy\u00a0 that applies across all business sectors and to companies of all sizes, including any operating but not based in the EU.<\/p>\n<p><strong>The GDPR requires<\/strong> that:<\/p>\n<ul>\n<li>Digital media companies ask users for consent to be tracked online<\/li>\n<li>Users have the right to access and correct information about them<\/li>\n<li>Users may erase links to information about them under most circumstances<\/li>\n<li>Digital media companies keep records of their interactions with users.<\/li>\n<\/ul>\n<p><strong>EU&#8217;s new digital sovereignty:\u00a0<\/strong><\/p>\n<p style=\"padding-left: 40px;\">The EU is determined to chart its own course despite vehement objections by American-based technology companies and the Trump administration. For context, recall that Europeans have a long history in this area.\u00a0 The Nazi regime used personal data\u00a0 and IBM computers to target Jewish people in the 1930s, with horrific results. The East\u00a0 German communist secret police &#8212; the Stasi &#8212; kept track of everyone from the end of World War II until 1989. 
When the Berlin Wall fell, inaccurate Stasi data created an enormous amount of conflict.<\/p>\n<p style=\"padding-left: 40px;\">For the past 80 years, hate speech laws have forbidden a lot of what is permitted in the US under the marketplace of ideas and counterspeech doctrine. Even so, it is vital to understand that regulating technology and privacy is not the same as censorship or suppression of political speech.<\/p>\n<p>\u00a0<strong>The <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/digital-services-act\">Digital Services Act<\/a><\/strong> &#8212; The 2024 law introduces rules for online services used by European citizens in their everyday life such as marketplaces, social media networks, app stores, and online travel and accommodation platforms. The EU says the main goal of the DSA is to create a digital space that respects citizens and consumers\u2019 fundamental rights.<\/p>\n<p><strong>The <\/strong><a href=\"https:\/\/digital-markets-act.ec.europa.eu\/index_en\"><strong>Digital Markets Act<\/strong> <\/a>&#8212; Applies to large digital platforms that provide core platform services, for example online search engines, app stores, and messenger services. <span style=\"color: #444444;\">The DMA is one of the first regulatory tools to comprehensively regulate the gatekeeper power of the largest digital companies. The DMA complements, but does not change, EU competition rules, which continue to apply fully.\u00a0<\/span><\/p>\n<p><strong>The <a href=\"https:\/\/artificialintelligenceact.eu\/\">Artificial Intelligence Act<\/a><\/strong> regulates through three risk categories. First, there are those that create an <strong>unacceptable risk<\/strong>, such as government-run social scoring of the type used in China. These are banned. Second, <strong>high-risk applications<\/strong>, such as a CV-scanning tool that ranks job applicants, are subject to specific legal requirements. 
Lastly, applications not explicitly banned or listed as high-risk are largely left unregulated.<\/p>\n<p><strong>Enforcing the GDPR and DSA: <\/strong><\/p>\n<ul>\n<li>On Sept. 5, 2022, the <a href=\"https:\/\/www.politico.eu\/article\/europe-gdpr-enforce-big-tech-dpc\/\">Irish Data Protection Agency fined Instagram \u20ac405 million<\/a> for violations of the GDPR for mishandling information tracking children;<\/li>\n<li>The <a href=\"https:\/\/www.nytimes.com\/2023\/05\/22\/business\/meta-facebook-eu-privacy-fine.html\">EU fined Facebook \/ Meta 1.2 billion Euros for privacy violations<\/a> on May 22, 2023.<\/li>\n<li>The European Union also fined Elon Musk&#8217;s X <a href=\"https:\/\/www.npr.org\/2025\/12\/05\/nx-s1-5634694\/x-musk-eu-fines\">\u20ac120 million (around $140 million) in December 2025<\/a> for misleading users by charging for its &#8220;blue checkmark&#8221; system, claiming that identification was verified without actually checking. The EU also said X lacks transparency in its ad repository, and hinders researcher access to data.<\/li>\n<\/ul>\n<h3><span style=\"color: #800000;\"><b>Right to be forgotten\u00a0<\/b><\/span><\/h3>\n<div id=\"attachment_4833\" style=\"width: 210px\" class=\"wp-caption alignright\"><a href=\"https:\/\/theconversation.com\/how-a-silent-movie-informs-the-current-debate-over-the-right-to-be-forgotten-154787\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4833\" class=\"wp-image-4833\" src=\"https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2021\/11\/Screen-Shot-2021-11-03-at-12.03.40-PM.png\" alt=\"\" width=\"200\" height=\"302\" srcset=\"https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2021\/11\/Screen-Shot-2021-11-03-at-12.03.40-PM.png 332w, https:\/\/revolutionsincommunication.com\/law\/wp-content\/uploads\/2021\/11\/Screen-Shot-2021-11-03-at-12.03.40-PM-198x300.png 198w\" sizes=\"auto, (max-width: 200px) 100vw, 200px\" 
\/><\/a><p id=\"caption-attachment-4833\" class=\"wp-caption-text\">In 1915, Gabrielle Darley killed a New Orleans man. She was tried, acquitted of murder and within a few years was living a new life under her married name, Melvin. Then a blockbuster movie, \u201cThe Red Kimono,\u201d splashed her sensational story across America\u2019s silver screens. Melvin sued for that invasion of privacy and won her case, and the court&#8217;s decision is often remembered in the &#8220;Right to be Forgotten&#8221; debate today.<\/p><\/div>\n<p style=\"padding-left: 40px;\">The\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Right_to_be_forgotten\"><b>right to be forgotten<\/b> <\/a> <span style=\"color: #444444;\">is the right to have private information removed from Internet searches. The legal concept is applied differently in Europe and in the US.\u00a0<\/span><\/p>\n<p style=\"padding-left: 40px;\">As noted in this <a href=\"https:\/\/theconversation.com\/how-a-silent-movie-informs-the-current-debate-over-the-right-to-be-forgotten-154787\">March, 2021 essay,<\/a> the right to be forgotten dovetails with ethical concepts about criminal justice, victims and rehabilitation.<\/p>\n<p style=\"padding-left: 40px;\">Under the US First Amendment, transparency, the right of free speech and the \u201cright to know\u201d are typically favored over removing, or making it harder to access, truthfully published information regarding individuals and corporations.<\/p>\n<p style=\"padding-left: 40px;\">One US exception is the way some states have made it illegal to extort individuals for removal of public information, such as police photos of criminal offenders. Prior to 2015 in Virginia, for example, \u201cmug shot\u201d publications on the web would charge up to $3,000 to remove photos and true criminal incident information. 
Afterward, a state law prohibited that kind of activity. Nationally, a legal push on behalf of people who made minor mistakes and then face major harm to their reputation is underway, called the <a href=\"https:\/\/slate.com\/technology\/2019\/01\/criminal-record-expungement-internet-due-process.html\">Clean Slate Campaign<\/a>.<\/p>\n<p style=\"padding-left: 40px;\">One newspaper\u2019s approach to the issue is the\u00a0<a href=\"https:\/\/www.bostonglobe.com\/2021\/01\/22\/metro\/boston-globe-launches-fresh-start-initiative-people-can-apply-update-or-anonymize-coverage-them-thats-online\/\">\u201cBoston Globe\u2019s\u201d fresh start<\/a> campaign, which attempts to \u201cunpublish\u201d articles that are unfair or reflect racial injustice.<\/p>\n<p style=\"padding-left: 40px;\"><strong>European RTBF\u00a0<\/strong><\/p>\n<p style=\"padding-left: 40px;\">One part of the GDPR involves the rehabilitation of minor criminal offenders, and it was upheld in the European Court of Justice case <a href=\"https:\/\/en.wikipedia.org\/wiki\/Google_v_Gonz%C3%A1lez\"><i>Google v Costeja-Gonz\u00e1lez<\/i><\/a>, in 2014.<\/p>\n<p style=\"padding-left: 40px;\">That case began in 1998 when a Spanish newspaper published an announcement about a property that Costeja-Gonz\u00e1lez had to sell to satisfy a debt. By 2009, the old article about the 1998 forced sale was still affecting his business, so he sued Google Spain to have the information de-linked. The courts agreed and the case set a precedent.<\/p>\n<p style=\"padding-left: 40px;\">Note that the newspaper article is still there, and the court decision about the 1998 forced sale is still on record. 
Only the Google link has been changed. <span style=\"color: #444444;\">In these &#8220;Right to be Forgotten&#8221; cases, individuals request de-linking of outdated minor information. Since 2014, Google has de-linked about four million sites.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3>Further reading<\/h3>\n<p><em><strong>Senate Judiciary Committee hearings:\u00a0<\/strong><\/em><\/p>\n<ul>\n<li><a href=\"https:\/\/www.judiciary.senate.gov\/committee-activity\/hearings\/examining-the-harm-of-ai-chatbots\">Examining the harm of AI chatbots<\/a>, Sept. 16, 2025<\/li>\n<li><a href=\"https:\/\/www.judiciary.senate.gov\/committee-activity\/hearings\/protecting-the-virtual-you-safeguarding-americans-online-data\">Safeguarding Americans&#8217; online data<\/a>, July 30, 2025<\/li>\n<li><a href=\"https:\/\/www.judiciary.senate.gov\/committee-activity\/hearings\/the-good-the-bad-and-the-ugly-ai-generated-deepfakes-in-2025\">The good, the bad and the ugly:<\/a> AI-generated deepfakes, May 21, 2025<\/li>\n<li><a href=\"http:\/\/judiciary.senate.gov\/committee-activity\/hearings\/the-no-fakes-act-protecting-americans-from-unauthorized-digital-replicas\">The No Fakes Act,<\/a> April 30, 2024<\/li>\n<\/ul>\n<p><em><strong>General news articles\u00a0<\/strong><\/em><\/p>\n<ul>\n<li>Electronic Frontier Foundation, &#8220;<a href=\"https:\/\/www.eff.org\/deeplinks\/2025\/09\/opt-out-october-daily-tips-protect-your-privacy-and-security\">How to protect your privacy and security<\/a>,&#8221; October 2025.<\/li>\n<li>Anjali Das, &#8220;Trifecta of state privacy laws,&#8221; <a href=\"https:\/\/www.natlawreview.com\/article\/trifecta-new-privacy-laws-protect-personal-data\">\u00a0 Sept. 
2022, National Law Journal<\/a><\/li>\n<li><a href=\"https:\/\/gdpr.eu\/what-is-gdpr\/\">What is the GDPR<\/a>?\u00a0 by the GDPR.<\/li>\n<li><a href=\"https:\/\/www.wired.com\/story\/eu-digital-services-act-apple\/\">Morgan Meaker, &#8220;The EU Has a Plan to Fix Internet Privacy: Be More Like Apple,&#8221; Wired Magazine, Jan. 25, 2022.<\/a><\/li>\n<li>Instagram will <a href=\"https:\/\/www.nytimes.com\/2025\/10\/14\/technology\/instagram-teenagers-pg-13-ratings.html\">post Parental Guidance ratings<\/a><\/li>\n<li>Robert E.G. Beens, &#8220;The Privacy Mindset of the US versus the EU,&#8221; July 29, 2020 <a href=\"https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2020\/07\/29\/the-privacy-mindset-of-the-eu-vs-the-us\/?sh=7057e64d7d01\">Forbes magazine<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Deepfakes \u2014 false digital depictions \u2014 can harm a person\u2019s privacy and reputation, and also pose a risk to broader society. While some may be harmless, others may involve substitution of identities in pornographic video, election interference, foreign social influence &hellip; <a href=\"https:\/\/revolutionsincommunication.com\/law\/digital-privacy\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"full-width-page.php","meta":{"footnotes":""},"class_list":["post-5417","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/revolutionsincommunication.com\/law\/wp-json\/wp\/v2\/pages\/5417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/revolutionsincommunication.com\/law\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/revolutionsincommunication.com\/law\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/revolutionsincommunication.com\/law\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/revolutionsincommunication.com\/law\/wp-json\/wp\/v2\/comments?post=5417"}],"version-history":[{"count":5,"href":"https:\/\/revolutionsincommunication.com\/law\/wp-json\/wp\/v2\/pages\/5417\/revisions"}],"predecessor-version":[{"id":7137,"href":"https:\/\/revolutionsincommunication.com\/law\/wp-json\/wp\/v2\/pages\/5417\/revisions\/7137"}],"wp:attachment":[{"href":"https:\/\/revolutionsincommunication.com\/law\/wp-json\/wp\/v2\/media?parent=5417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}