On October 27th, the Federal Trade Commission (the “FTC”) announced that it approved an amendment to the Safeguards Rule promulgated under the federal Gramm-Leach-Bliley Act (the “Safeguards Rule”) requiring non-bank financial institutions subject to the FTC’s jurisdiction to report to the FTC data breaches affecting 500 or more people (the “Amendment”). 

The Safeguards Rule requires

With the trilogues on the draft EU AI Act entering what is probably their final phase and the idea that procuring AI cannot be done lightly spreading, organizations are often confronted with hard choices, including on how to source AI responsibly and protect against liabilities with an uncertain developing legal framework. Contractual language is one

Last week, the House of Representatives’ Committee on Energy and Commerce kicked off its first in a series of hearings surrounding the burgeoning topic of artificial intelligence (AI) with a hearing titled “Safeguarding Data and Innovation: Building the Foundation for the Use of Artificial Intelligence.”

While this was the first AI-focused Energy and Commerce hearing

Data breaches are an all-too-familiar issue, affecting businesses of all sizes and across all industries. Beyond dealing with the operational and reputational impacts and other resulting fallouts of a data breach, businesses also face enhanced class action litigation risk.

A recent high-profile case serves as a valuable reminder that companies should consider reliance upon a well-established mechanism of mitigating class action litigation risk. In In re Marriott International, Inc., Consumer Data Security Breach Litig., 78 F.4th 677 (4th Cir. 2023), the Fourth Circuit Court of Appeals reversed the district court’s certification order in a data breach class action dispute due to the effect of a class action waiver signed by all putative class members. The Marriott decision demonstrates how class action waivers can be utilized as a core strategy for mitigating heightened data breach litigation risks.Continue Reading Recent Marriott Data Breach Class Action Decision Underscores the Importance of Class Action Waivers

The Federal Communications Commission (FCC) has formally proposed for public comments new net neutrality rules that—if adopted—will impact both internet service providers (ISPs) and the entities that provide content, applications, services and devices accessed over the internet (i.e., “edge providers”). The move comes only weeks after Chairwoman Jessica Rosenworcel obtained a Democratic majority with the swearing-in of Commissioner Anna Gomez on September 25, 2023.

For ISPs, the Notice of Proposed Rulemaking (NPRM) is deja vu. The NPRM largely tracks the net neutrality rules the FCC adopted in 2015, based on reclassifying broadband internet access (BIAS) as a telecommunications service under Title II of the Communications Act. As in 2015, the NRPM proposes prohibiting blocking and throttling lawful traffic (subject to a reasonable network management practice exception) and paid prioritization by third parties (i.e., paying ISPs to prioritize traffic routing). It also proposes to adopt a general conduct standard that would mimic the 2015 rules by prohibiting any unreasonable interference with an end user’s ability to use BIAS to access services or content or to use devices.Continue Reading Net Neutrality 2.0: The FCC Revives Net Neutrality Emphasizing Concerns with Data Privacy, Cybersecurity and National Security

On October 13, 2023, Singapore and the United States (US) announced at the inaugural Dialogue on Critical and Emerging Technologies (CET Dialogue) held in Washington DC, that they had launched the world’s first ever interoperable AI Governance framework.

The CET Dialogue was co-chaired by Singapore’s Minister for Communications and Information and Minister for Foreign Affairs, as well as the US National Security Advisor and Deputy Envoy for Critical and Emerging Technology, on behalf of US Secretary of State Antony Blinken. Both countries also co-chaired a Business Roundtable on AI Safety and Innovation, together with US Deputy Secretary of Commerce Don Graves.Continue Reading Singapore and the US Publish First-of-its-Kind Interoperable AI Governance Framework

Originally posted on Squire Patton Boggs’ Global IP and Technology blog by David Elkins and Stacy Swanson.

The U.S. is generally viewed as “behind” in its regulation of AI compared to the European Union and Asian countries. Yet ChatGPT’s release triggered a tsunami of U.S. legislation in 2023 from federal and state legislators seeking to address perceived concerns with the emerging and fast evolving technology. State legislatures have introduced nearly 200 AI bills in 2023. Congress does not have nearly that number of AI bills, with about 30 bills tabled thus far. The various pieces of U.S. legislation – federal or state – seek to regulate both the creation of AI models and how those models may be used.Continue Reading Federal Policymakers: Chasing the Runaway AI Train

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Registration Open for In-Person CLE: The Important Role Legal Plays in an Era of Growing Data Risks – Key Findings

According to the 2023 ACC CLO Survey, legal teams are facing unique and growing data-related challenges in this ever-changing regulatory and threat landscape. Data requirements for privacy and compliance continue to become more complex and confusing and the risk of resulting litigation continues to rise.

Team SPB will partner with Exterro, a leading e-discovery

As courts throughout the country wrestle with Article III standing in Session Replay Code cases alleging violations of wiretapping laws, consumer protection statutes and privacy torts, another federal court from the Eastern District of Missouri has joined those recently holding that a plaintiff must allege the sharing of some type of personal or sensitive information on the website in question in order to adequately alleged a concrete harm supporting Article III standing. Where the plaintiff failed to do so, the Court found Plaintiff failed adequately allege a concrete harm and dismissed her putative class action complaint for lack of standing in Adams v. PSP Group, LLC, No. 4:22-CV-1210 RLW, 2023 WL 5951784, — F. Supp.3d —- (E.D. Mo. September 13, 2023).Continue Reading Missouri Federal Court Declines to Transfer Case to Join Session Replay Class Actions in Washington and Dismisses Case for Plaintiff’s Failure to Allege Standing