X Agrees to Stop Processing EU Data to Train its Grok AI -
Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
9/13/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Collection ,
Data Protection ,
Data Security ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
Fines ,
Ireland ,
Liability ,
Personal Data ,
Sensitive Personal Information ,
Twitter ,
Uber
New BIPA Ruling: Dismissal of Claims Against Samsung Over its Face App Data -
On July 24, 2024, a federal judge in Illinois dismissed the case GT v. Samsung Electronics America, Inc., in which a putative class of Samsung...more
8/19/2024
/ Biometric Information Privacy Act ,
Data Protection ,
Enforcement ,
European Commission ,
European Parliament ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Illinois ,
Information Commissioner's Office (ICO) ,
Informed Consent ,
Minor Children ,
Personal Information ,
Settlement ,
Social Media ,
State Data Privacy Laws ,
Tracking Systems ,
UK
U.S. Court Axes Most of SEC's SolarWinds Data Breach Suit -
The U.S. District Court for the Southern District of New York recently dismissed much of the U.S. Securities and Exchange Commission’s (“SEC”) suit against...more
8/2/2024
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
COPPA ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Dismissals ,
EU ,
EU-US Privacy Shield ,
European Economic Area (EEA) ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Instant Messaging Apps ,
Misleading Statements ,
Regulation Technical Standards (RTS) ,
Risk Assessment ,
ROSCA ,
Securities and Exchange Commission (SEC) ,
Settlement ,
SolarWinds
The Labour Party has indicated an intention to implement specific regulation in relation to AI in the UK. However, the manifesto on which the party has won power, did not propose any general AI legislation. New legislation...more
SEC Fines the New York Stock Exchange’s Parent Company $10 million for Failure to Promptly Notify Its Subsidiaries of Cybersecurity Breach -
On May 22, 2024, the Securities and Exchange Commission (“SEC”) imposed a $10...more
6/14/2024
/ Annual Reports ,
Artificial Intelligence ,
Breach Notification Rule ,
Colorado ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Commissioner's Office (ICO) ,
Machine Learning ,
New Legislation ,
NYSE ,
Popular ,
Securities and Exchange Commission (SEC) ,
UK
European Parliament Approves EU AI Act -
On March 13, 2024, the European Parliament approved the EU Artificial Intelligence Act (“AI Act”). A first of its kind legal framework for AI, the AI Act has extraterritorial effect,...more
3/29/2024
/ Appeals ,
Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity Framework ,
Data Brokers ,
Data Collection ,
European Parliament ,
Federal Trade Commission (FTC) ,
Foreign Adversaries ,
General Data Protection Regulation (GDPR) ,
Popular ,
Sensitive Personal Information ,
Strategic Planning ,
Transparency
DORA became law in December 2022 but provides for a grace period until 17 January 2025 for organisations to put in place the necessary measures to comply.
The new rules will require engagement from both an operational and...more
3/7/2024
/ Asset Management ,
Audits ,
Cryptoassets ,
Cybersecurity ,
Enforcement ,
EU ,
European Commission ,
European Supervisory Authorities (ESAs) ,
General Data Protection Regulation (GDPR) ,
New Rules ,
Penalties ,
Reporting Requirements ,
Risk Management ,
Third-Party Risk ,
UCITS
FTC Proposes New Protections to Guard Against AI Impersonations of Individuals -
Amidst growing concerns that emerging technology—including AI-generated deepfakes—threaten to increase the prevalence of impersonation fraud,...more
3/1/2024
/ Anti-Terrorism Financing ,
Artificial Intelligence ,
Cybersecurity ,
Deep Fake ,
EU ,
European Convention on Human Rights ,
Federal Trade Commission (FTC) ,
Human Rights ,
Russia ,
Securities and Exchange Commission (SEC) ,
Terms of Service
An AI system cannot be named as the inventor in a UK patent application – the inventor(s) must be human.
Technical developments created by AI cannot be ‘inventions’ within the meaning of UK patent legislation. UK patent...more
1/25/2024
/ Artificial Intelligence ,
Authorship ,
Biden Administration ,
European Commission ,
European Patent Office ,
Executive Orders ,
Inventors ,
Patent Applications ,
Patent Litigation ,
Patent Ownership ,
Research and Development ,
UK Patent Act ,
UK Supreme Court ,
USPTO
FTC Settles with Rite Aid on its Use of AI and Processing of Biometric Information -
The Federal Trade Commission (“FTC”), on December 19, 2023, announced that it had reached a settlement with Rite Aid Corporation (“Rite...more
1/19/2024
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Brokers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
Inventors ,
Notice of Proposed Rulemaking (NOPR) ,
Opt-In ,
Patents ,
Rite Aid ,
Sensitive Personal Information ,
Settlement ,
UK
EU AI Act: Political Agreement Reached on Terms of Landmark Legislation -
Negotiators for the European Council and the European Parliament have reached political agreement on the provisions of the EU Artificial...more
12/15/2023
/ Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Cookies ,
Court of Justice of the European Union (CJEU) ,
EU ,
Federal Trade Commission (FTC) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Neglect ,
New Legislation ,
UK
Clearview AI was issued with an enforcement action including a fine of around £7.5million and an order to delete certain data by the ICO for breaches of the UK GDPR in relation to its facial recognition data. The Tribunal...more
NSA and CISA Release Report on “Top Ten” Cybersecurity Misconfigurations; CISA Calls for Software Manufacturers to Implement Best Practices -
On October 5, 2023, the United States National Security Agency (NSA) and...more
10/20/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Transfers ,
European Data Protection Board (EDPB) ,
Federal Trade Commission (FTC) ,
Fines ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Investigations ,
Law Enforcement ,
Manufacturers ,
National Security Agency (NSA) ,
Personal Data ,
Popular ,
Settlement ,
Software ,
UK ICO
The UK has approved the UK-U.S. Data Bridge facilitating flows of personal data to U.S. entities that have self-certified to the EU-U.S. Data Privacy Framework (‘DPF’), provided that those entities extend their DPF...more
9/25/2023
/ Compliance ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Personal Data ,
Privacy Framework ,
Safe Harbors ,
Schrems I & Schrems II ,
UK ,
UK GDPR
FTC Finalizes Settlement with 1Health.io For Allegations It Failed to Protect Customers’ DNA Data -
On September 6, 2023, the Federal Trade Commission’s agreement with the genetic testing firm 1Health.io Inc. – formerly...more
9/25/2023
/ Background Checks ,
California ,
California Consumer Privacy Act (CCPA) ,
Consent Agreements ,
Consumer Reporting Agencies ,
Data Brokers ,
Data Collection ,
Data Security ,
Data-Sharing ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Information Commissioner's Office (ICO) ,
Law Enforcement ,
New Legislation ,
Personal Data ,
Personal Information ,
Privacy Policy ,
Settlement ,
UK ,
UK GDPR
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
8/23/2023
/ Artificial Intelligence ,
Biometric Information ,
CNIL ,
Cryptocurrency ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
HMRC ,
Information Commissioner's Office (ICO) ,
Popular ,
UK
SEC Finalizes Cybersecurity Disclosure Rules for Public Companies -
On July 26, 2023, the Securities and Exchange Commission (“SEC”) voted to adopt new rules requiring public companies to make certain disclosures...more
8/4/2023
/ California Privacy Protection Agency (CPPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Enforcement ,
Federal Trade Commission (FTC) ,
Final Rules ,
Foreign Private Issuers ,
Form 8-K ,
Hospitals ,
Investment Company Act of 1940 ,
Mobile Apps ,
Securities and Exchange Commission (SEC) ,
Telehealth ,
Tracking Systems ,
Websites
In 2020, the UK Government asked the Law Commission to review the legal status of digital assets in England and Wales, with the aim of making the UK an attractive jurisdiction for crypto development and investment. The Law...more
California Court Pauses Enforcement of Most Recent CCPA Regulations until March 2024 -
On June 30, 2023, the Superior Court of California, County of Sacramento (California Chamber Of Commerce v. California Privacy...more
7/21/2023
/ Biden Administration ,
California ,
California Consumer Privacy Act (CCPA) ,
Cross-Border ,
Cybersecurity ,
Data Privacy ,
Enforcement ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Presidential Nominations ,
Privacy Framework ,
Proposed Regulation ,
Regulatory Agenda
The Department of Health and Social Care in the United Kingdom has published a proposed update to its policy regarding access to National Health Service (NHS) data for research purposes. The proposed update focuses on the...more
The International Institute for the Unification of Private Law (UNIDROIT) has adopted draft Principles on Digital Assets and Private Law (the “Principles”). These Principles comprise legislative guidance and best practices in...more
The EU General Court has overruled the European Data Protection Supervisor and held that pseudonymised data will not be personal data for the purposes of EU data protection law when transferred to a recipient that is unable...more
Biden Administration to Introduce New National Cyber Strategy for Critical Infrastructure -
The Biden administration is reportedly working on a National Cyber Strategy for critical infrastructure that will advocate a more...more
1/20/2023
/ Biden Administration ,
Chemicals ,
Class Action ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Collection ,
Data Security ,
Energy Sector ,
Facial Recognition Technology ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
National Security ,
NIST ,
Oil & Gas ,
OMB ,
Pipelines ,
Proposed Legislation ,
Public Safety ,
Railways ,
Settlement ,
TSA ,
Water
The High Court has granted the victim of a cyberattack a permanent injunction against cyberattackers without the victim organisation having to reveal its identity. Generally, a claimant's identity is public in court...more
SEC Chair Gensler Indicates Commission is Looking to Update SEC’s Regulation S-P -
On September 28, 2022, Securities and Exchange Commission (“SEC” or the “Commission”) Chairman Gary Gensler appeared via video at the...more
10/14/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Biden Administration ,
Broker-Dealer ,
Cloud Service Providers (CSPs) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Federal Trade Commission (FTC) ,
Foreign Trade Regulations ,
Gramm-Leach-Blilely Act ,
Hackers ,
Information Commissioner's Office (ICO) ,
International Data Transfers ,
Investment Adviser ,
Investment Companies ,
Privacy Framework ,
Regulation S-P ,
Request For Information ,
Right of Access ,
Securities and Exchange Commission (SEC) ,
Subject Access Request (SAR) ,
Title V ,
U.S. Commerce Department ,
Uber ,
UK ,
UK GDPR