In a ruling with potential implications for other pending generative artificial intelligence (“AI”) copyright cases, the United States District Court for the District of Delaware in Thomson Reuters Enterprise Centre GmbH & West Publishing Corp. v. ROSS Intelligence Inc. has granted summary judgment for Thomson Reuters on direct copyright infringement and related defenses, as well as fair use. While the…
In Part 1 of this series, we discussed the annual cybersecurity audit requirements in the proposed rulemaking package (the “Draft Regulations”) of the California Privacy Protection Agency (the “CPPA”). In this Part 2, we discuss the Draft Regulations’ provisions on Automated Decision-Making Technology (“ADMT”). Most notably, the Draft Regulations’ definition of ADMT is more expansive than other regulatory definitions in…
On Thursday, March 6, 1:00pm-2:30pm EST, Avi Gesser will participate in a panel discussion along with Jenifer McIntosh, CIPP, Of Counsel at Stinson during an upcoming Strafford live video webinar, “Board Oversight of Artificial Intelligence: Best Practices for Governance, Compliance, and Ethical Considerations.” The panel will examine the corporate governance, data security and other challenges facing boards of directors in…
On January 28, 2025, FINRA released its 2025 FINRA Annual Regulatory Oversight Report (the “Report”). As was the case in 2024, the Report highlights continuing and emerging trends in artificial intelligence (“AI”) in the financial services sector, among other topics. In this Debevoise Client Update, we review the Report’s discussion of common generative AI (“Gen AI”) use cases, existing FINRA…
After many rounds of motions to dismiss, intellectual property cases against AI developers are moving into the discovery phase. As we previewed in our 2024 AI year in review, one of the big areas to watch in 2025 will be how much discovery courts are prepared to order into the inner workings of AI companies, especially in the face of…
The first wave of the EU AI Act’s requirements came into force on 2 February 2025, namely: Prohibited AI: the ban on the use and distribution of prohibited AI systems, and AI Literacy: the requirement to ensure staff using and operating AI possess sufficient AI literacy. All businesses caught by the EU AI Act’s jurisdictional scope – which is potentially…
Introduction On December 20, 2024, the Federal Trade Commission (the “FTC”) finalized a consent agreement (“Consent Order”) with Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC (collectively, “Marriott”) to settle allegations that Marriott failed to implement reasonable data security measures, resulting in three large data breaches from 2014 to 2020 and affecting more than 344 million customers…
On December 19, 2024, the U.S. Department of Treasury (“Treasury”) released a report on The Uses, Opportunities, and Risks of Artificial Intelligence in the Financial Services Sector (the “Report”). The Report summarizes key themes from comments from a variety of industry stakeholders (“respondents”) in response to Treasury’s June 2024 Request for Information (“RFI”), and recommends several next steps for financial…
Our top-eleven European data protection developments for the end of 2024 are: EU Cyber Resilience Act: The Council of the European Union approved the Cyber Resilience Act, introducing cybersecurity requirements for digital products sold in the EU. Businesses may wish to start applying the requirements to products and processes ahead of the Act becoming fully enforceable on 11 December 2027.…
DOJ Issues Landmark Rules on Sensitive Data On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued the “Final Rule on Preventing Access to Sensitive Data,” creating a comprehensive export control regime to restrict the transfer of bulk sensitive personal and government-related data to foreign adversaries deemed threats to U.S. national security.[1] The rule focuses on protecting critical datasets,…