Boniface Echols

Subscribe to Boniface Echols's Posts

California’s 2024 legislative session has been marked with exciting developments and a clear focus on setting the rules of the road for artificial intelligence (AI), with some measures becoming law and others stalling out along the way. Last month, Governor Newsom signed 17 bills regulating AI in the Golden State. Notably, Governor Newsom vetoed SB 1047, which would have imposed safety requirements on developers of large models to avoid certain harms. In vetoing the bill, Governor Newsom noted that it was not comprehensive or precise enough, improperly focused on large models even though small ones could present similar risks, and did not take into account whether an Al system is deployed in high-risk environments, involves critical decision-making, or uses sensitive data. Newsom’s veto also represents a big win for the numerous industry members, politicians, and academics who lobbied against the bill, arguing that its passage would stifle innovation in the space. Nevertheless, the AI bills Newsom did sign are expected to have wide-ranging impacts on the AI industry. A summary of those bills is below.Continue Reading Governor Newsom Signs (and Vetoes) Major California AI Legislation

Public Comments Accepted Until November 7

On September 13, 2024, the Colorado Attorney General’s office (the Colorado Department of Law) proposed draft amendments (draft regulations) to its Colorado Privacy Act (CPA) regulations, which took effect

Continue Reading Colorado Department of Law Proposes Amendments to the Colorado Privacy Act Regulations Regarding Biometric and Minors’ Data

On August 14, 2024, the Federal Trade Commission (FTC) issued a final rule that prohibits publishing or trading in fake or misleading consumer reviews and testimonials, or engaging in other related deceptive promotional tactics. Notably, under the FTC’s new rule, the commission will be authorized to seek civil penalties against violators.Continue Reading FTC Issues Final Rule Banning Fake and Misleading Consumer Reviews and Testimonials

On July 16, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss advancing its over 200-page draft rulemaking package to formal proceedings.[1] The proposed regulations include 37 pages of significant new obligations spanning cybersecurity audits, automated decision-making technology (e.g., artificial intelligence, (AI)), privacy risk assessments, and 72 pages of other updates to existing regulations. Together, these regulations would create new compliance obligations for tens of thousands of California businesses and are preliminarily estimated to generate a staggering $4.2 billion in compliance costs for those businesses in their first year alone. Critically, these estimates do not include the many businesses that are based outside of California, yet subject to the California Consumer Privacy Act (CCPA) because they do business in California, meaning the real economic burden is likely to be far more significant.Continue Reading Substantial New CCPA Regulations Inch Closer to Reality: A Detailed Overview of the New Requirements and Their Projected $4 Billion Cost to California Businesses

On June 7, 2023, the New York legislature passed the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (SAFE Act or the Act) and the New York Child Data Protection Act (CDPA), both aimed at protecting children online. The SAFE Act prohibits covered social media companies from providing individuals under 18 (minors) with “addictive feeds” (as defined in the SAFE Act) and overnight notifications, absent parental consent. The CDPA is intended to complement the SAFE Act by limiting the extent to which providers of internet websites, online and mobile applications, and connected devices (service) can collect, use, share, and sell minors’ personal data. If signed into law by Governor Hochul, the SAFE Act and CDPA would create new, onerous requirements for entities doing business in New York. The key provisions of each act are highlighted below.Continue Reading New York Legislature Passes a Pair of Bills to Protect Children’s Privacy Online

On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) announced that it had adopted final amendments to its Regulation S-P (the Rule or Amended Rule), which governs “covered financial institutions’” treatment of consumers’ nonpublic personal information, to ensure that these entities implement incident response programs and notify consumers when their information has been compromised. Brokers, dealers, investment companies, investment advisers, crowdfunding portals, and transfer agents registered with the SEC or another appropriate regulatory agency are all considered covered institutions (CIs) under the Amended Rule.Continue Reading SEC Expands Security and Breach Notification Requirements for Investment Firms

On February 28, 2024, President Biden signed Executive Order 14117 (the Order) aimed at protecting Americans’ sensitive personal data and U.S. Government-related data from exploitation by “countries of concern.” This move constitutes a transformative overhaul in the U.S. approach to data regulation and creates the foundation for a comprehensive regulatory structure governing U.S. data.Continue Reading New Executive Order Restricts Certain Cross-Border Transactions Involving Sensitive Personal Data of U.S. Citizens