General

On January 29, 2025, the Copyright Office (the “Office”) released its second report in a three-part series on artificial intelligence and copyright. Part 1 was released in July 2024 and addressed digital replicas. Part 2 focuses on the copyrightability of AI-generated work – that is, providing greater detail into what level of human interaction is required for a work containing AI-generated works to rise to the level of copyrightability. The report includes eight conclusions to guide copyright applicants and concludes that existing law is sufficient to address copyrighting AI-generated works.Continue Reading Copyright Office: Copyrighting AI-Generated Works Requires “Sufficient Human Control Over the Expressive Elements” – Prompts Are Not Enough

On October 9, 2024, the European Data Protection Board (EDPB) unveiled its much-anticipated Guidelines on using legitimate interest (Article 6.1(f) of the GDPR) as a lawful basis for processing personal data. These guidelines set out clear criteria for data controllers, and will therefore be most welcome.

For years, legitimate interest has been among the go-to option for organizations, with the idea that it offers more flexibility (as long as you comply with the inherent requirements of its use). High-profile cases, like the Court of Justice of the European Union’s (CJEU) decision in Royal Dutch Tennis Association (KNLTB), acknowledged that commercial interests may qualify as legitimate, but also crystalized the tension on its uses from supervisory authorities and privacy advocates.Continue Reading Balancing the Scales: How to Use “Legitimate Interest” to Process Personal Data “Fairly”

SPB’s Julia Jacobson and Kyle Dull are offering insights at three webinars next week. Details are below or please reach out for more information.

The Evolving Role of the Privacy Officer: Challenges and Preparation (PrivacyConnect Live Webinar)

Tuesday, November 12 at 11 a.m. ET

Join Julia Jacobson a discussion with three experienced privacy officers who

Originally posted on Squire Patton Boggs’ The Trade Practitioner blog 


On October 15, 2024, the U.S. Department of Defense (DoD) released its final rule to establish the Cybersecurity Maturity Model Certification (CMMC) Program (Final CMMC Program Rule). The CMMC Program allows the DoD to verify that defense prime contractors and subcontractors (defense contractors) have implemented security safeguards for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) and are maintaining required safeguards during the contract period of performance. The CMMC requirements apply to defense contractors that process, store or transmit FCI or CUI in the performance of a DoD contract or subcontract.

In a parallel effort, the DoD also has proposed an acquisition rule – 48 C.F.R Part 204 CMMC Acquisition Rule or (DFARS rule) – that will amend the Defense Federal Acquisition Regulation Supplement (DFARS) and contractually implement the CMMC Program (32 C.F.R. part 170) through DoD solicitations and contracts. In September we described the proposed DFARS rule, for which the comment period closed on October 15, 2024. The DoD estimates it will publish the final DFARS rule by mid-2025. The effective date of the final DFARS rule (which is 60 days after it is published in the Federal Register) is a key date since that effective date will initiate the CMMC Program’s phased rollout discussed below.Continue Reading Navigating DoD’s CMMC Program Final Rule

For the final session of our Data Privacy Thought Leadership Series, we’re thrilled to present AI in Action: AI Procurement, on October 30 at 12:00 PM ET. This session explores AI technology procurement and associated compliance issues, offering guidance for organizations ready to capitalize on AI’s potential while managing associated risks.

AI technology

The Office of the Attorney General of Texas (“OAG”) announced a “first-of-its-kind healthcare generative AI” settlement with Pieces Technology, Inc. (“Pieces”). The settlement related to the Texas OAG allegations that Piece’s advertising and marketing claims about the accuracy of its generative artificial intelligence (GenAI) products in violation of the Texas Deceptive Trade Practices – Consumer Protection Act (“DTPA”), Tex. Bus. & Com. Code Ann. § 17.58. The Texas OAG states in its press release that the Piece’s investigation is a “First-of-its-Kind Healthcare Generative AI Investigation.”Continue Reading Texas Attorney General Settles with Healthcare AI Firm Over False Claims on Product Accuracy and Safety

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2024 Data Privacy Thought Leadership Series

The Trade Practitioner Blog Features Post on Key Takeaways from the Proposed August 2024

Join us for our Data Privacy Thought Leadership Series, where we dive into the latest trends shaping AI, marketing, and data monetization. With new state privacy laws, evolving regulatory requirements, and AI procurement challenges, this series offers practical insights to help you navigate the complex data privacy landscape.

Learn how to manage privacy assessments, stay