Privacy

Subscribe to Privacy via RSS

On February 2, 2024, a committee of ambassadors from all countries of the European Union (EU) approved the latest draft of the EU Artificial Intelligence Act (AIA or the Act). Following weeks of speculation that there could be a blocking minority of EU countries who had concerns about the final text, this vote confirms that the AIA has substantial support within the Council of the EU (Council). This means that the AIA has a good chance to become law within the coming months. For more information about the scope and requirements in the AIA, please see our client alert on last December’s political agreement on the AI Act, available here.

Continue Reading The AI Act Just Got One Step Closer to Becoming Law

In 2024, businesses will continue to face an evolving landscape of privacy opportunities and challenges, including an increasingly complex data regulatory environment that extends beyond the General Data Protection Regulation (GDPR). With heightened scrutiny from regulators, consumers, and investors, the need to bolster privacy and data management practices has become even more important. Here’s our top 10 list of what to watch for in the privacy and data regulatory space in 2024:

Continue Reading 10 Privacy Predictions in the EU for 2024

2023 was one of the busiest years for privacy yet—with more to come in 2024. Five new U.S. state privacy laws (in Texas, Florida, Oregon, Montana, and Washington) will come into effect in 2024. And federal and state regulators are sure to focus on hot areas like artificial intelligence, children’s privacy, and the collection, use, and sharing of consumer health data, among others. Given this backdrop, here are our top 10 predictions for privacy regulation in 2024:

Continue Reading U.S. Privacy Predictions: What to Watch for in 2024

On December 8, 2023, the California Privacy Protection Agency (CPPA) Board discussed a draft of its forthcoming artificial intelligence (AI) regulations on automated decision making technology (ADMT). The proposed regulations, published earlier on November 27, 2023, would impose significant new requirements on businesses subject to the California Consumer Privacy Act (CCPA) that use ADMT for certain use cases. The ADMT draft rules are expected to be part of the Agency’s larger rulemaking package alongside rules governing cybersecurity audits and risk assessments under the CCPA, as amended by the California Privacy Rights Act. While the draft ADMT regulations currently have no legal effect and are likely to undergo further revision before formal rulemaking begins, the current draft nonetheless provides an important preview of the rigorous new compliance requirements that could later take effect. Notable items put forth for public discussion include:

Continue Reading Draft California AI Regulations Become One Step Closer to Reality: An Analysis of Requirements on the Horizon

On December 8, 2023, the EU finally agreed on the world’s first comprehensive legal framework on AI: the AI Act. EU lawmakers reached a political agreement on a series of controversial issues after record-long negotiations. They are expected to formally adopt the agreed text within the next couple of months. If adopted, the AI Act will ban certain AI systems, regulate general purpose AI (GPAI), impose heavy obligations on high-risk AI systems, subject to high fines, and support innovation through regulatory “sandboxes.” The AI Act will have an extraterritorial reach. Being the first law of its kind globally, the AI Act has the potential to establish a benchmark for AI regulation in other regions, just as the EU General Data Protection Regulation (GDPR) has accomplished.

Continue Reading EU Lawmakers Reach Political Agreement on the AI Act