Data Privacy

In a cautionary decision for companies handling personal data, the Spanish Data Protection Authority (AEPD) issued a substantial fine to a telecommunications distributor following a significant data breach. In April 2021, the company at the center of the case had been targeted by a ransomware attack using Babuk malware, which encrypted files and interrupted operations. When the company refused to pay the ransom, cybercriminals published the personal data of around 13 million individuals on the dark web, exposing affected users to serious risks of fraud and identity theft.Continue Reading When Data Breaches Cost Twice – AEPD’s Landmark Fine Shows That Being the Victim of a Cyberattack Doesn’t Excuse GDPR Failures

As we predicted a year ago, the Plaintiffs’ Bar continues to test new legal theories attacking the use of Artificial Intelligence (AI) technology in courtrooms across the country. Many of the complaints filed to date have included the proverbial kitchen sink: copyright infringement; privacy law violations; unfair competition; deceptive and acts and practices; negligence; right of publicity, invasion of privacy and intrusion upon seclusion; unjust enrichment; larceny; receipt of stolen property; and failure to warn (typically, a strict liability tort).

A case recently filed in Florida federal court, Garcia v. Character Techs., Inc., No. 6:24-CV-01903 (M.D. Fla. filed Oct. 22, 2024) (Character Tech) is one to watch. Character Tech pulls from the product liability tort playbook in an effort to hold a business liable for its AI technology. While product liability is governed by statute, case law or both, the tort playbook generally involves a defective, unreasonably dangerous “product” that is sold and causes physical harm to a person or property. In Character Tech, the complaint alleges (among other claims discussed below) that the Character.AI software was designed in a way that was not reasonably safe for minors, parents were not warned of the foreseeable harms arising from their children’s use of the Character.AI software, and as a result a minor committed suicide. Whether and how Character Tech evolves past a motion to dismiss will offer valuable insights for developers of AI technologies.Continue Reading Artificial Intelligence and the Rise of Product Liability Tort Litigation: Novel Action Alleges AI Chatbot Caused Minor’s Suicide

SPB’s Julia Jacobson and Kyle Dull are offering insights at three webinars next week. Details are below or please reach out for more information.

The Evolving Role of the Privacy Officer: Challenges and Preparation (PrivacyConnect Live Webinar)

Tuesday, November 12 at 11 a.m. ET

Join Julia Jacobson a discussion with three experienced privacy officers who

We are pleased to announce that we will be participating in the 2024 ANA Masters of Advertising Law Conference in Scottsdale, AZ. We invite you to attend our breakout session and roundtable discussion, where we will examine key issues at the intersection of advertising, data risk and evolving legal trends.

Breakout Session: Data Risk Assessments

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

SPB’s Data Privacy Thought Leadership Series Starts Tomorrow! | Privacy World

Texas Attorney General Settles with Healthcare AI Firm Over

The Office of the Attorney General of Texas (“OAG”) announced a “first-of-its-kind healthcare generative AI” settlement with Pieces Technology, Inc. (“Pieces”). The settlement related to the Texas OAG allegations that Piece’s advertising and marketing claims about the accuracy of its generative artificial intelligence (GenAI) products in violation of the Texas Deceptive Trade Practices – Consumer Protection Act (“DTPA”), Tex. Bus. & Com. Code Ann. § 17.58. The Texas OAG states in its press release that the Piece’s investigation is a “First-of-its-Kind Healthcare Generative AI Investigation.”Continue Reading Texas Attorney General Settles with Healthcare AI Firm Over False Claims on Product Accuracy and Safety

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

The Trade Practitioner Blog Features Post on Key Takeaways from the Proposed August 2024 DFARS Rule | Privacy World

The

SPB’s The Trade Practitioner blog recently featured a piece on the newly proposed amendments to the Defense Federal Acquisition Regulation Supplement (DFARS). Check out the full post for an in-depth discussion on the key takeaways of the proposed rule and an explanation of the phased rollout of the Cybersecurity Maturity Model Certification (CMMC): DoD Advances

On 12 September 2024, the Australian Government introduced the Privacy and Other Legislation Amendment Bill 2024 (Bill) which represents the first tranche of Australian privacy law reforms and aims to implement some of the legislative proposals identified from Australia’s long running review of, and consultation regarding, reform of the Australian Privacy Act 1988

SPB’s Gabrielle Martin authored a piece on the recently passed Illinois HB 3773. The bill amends the Illinois Human Rights Act to protect employees against discrimination from, and require transparency about, the use of AI in employment-related decisions. Head over to Employment Law Worldview, for an in-depth discussion of the bill, including a contrast