Legislative Development – Debevoise Data Blog

Business

UK Online Safety Bill Passed – An FAQ

By: Robert Maddox, Martha Hirst and Allegra De Lorenzo September 26, 2023

After years of deliberation, the UK passed its long-awaited Online Safety Bill (the “OS Bill”). It imposes content moderation requirements on certain online platforms and service providers to address illegal…

Artificial Intelligence

European Data Protection Roundup – June & July 2023

By: Robert Maddox, Friedrich Popp, Martha Hirst, Aisling Cowell, Tristan Lockwood, Maria Epishkina, Maria Santos and Sergej Bräuer August 16, 2023

Key takeaways from June and July include: Data transfers to the U.S.: Business may want to revisit their cross-border data transfer arrangements following the new adequacy decision for the EU-U.S.…

Artificial Intelligence

Colorado Draft AI Insurance Rules Are a Watershed for AI Governance Regulation

By: Eric Dinallo, Avi Gesser, Erez Liebermann, Marshal Bozzo, Anna Gressel, Samuel J. Allaman and Melissa Muse February 14, 2023

On February 1, 2023, the Colorado Division of Insurance (“DOI”) released its draft Algorithm and Predicative Model Governance Regulation (the “Draft AI Regulation”). The Draft AI Regulation imposes requirements on…

Consent

What the GDPR Can Tell Us About State Privacy Laws

By: Johanna Skrzypczyk, Robert Maddox and Martha Hirst November 22, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. Recently, a number of U.S.…

Enforcement

European Data Protection Roundup – October

By: Erez Liebermann, Robert Maddox, Friedrich Popp, Fanny Gauthier, Stephanie Thomas, Tristan Lockwood and Melissa Muse November 2, 2022

Key takeaways this October include: Facial Recognition: Businesses face continued challenges in establishing GDPR-compliant facial recognition technology, including those with no presence in the EEA, after the French CNIL fined…

Data Transfers

Russian Data Protection Updates: Key Points for International Businesses

By: Alan Kartashkin, Jane Shvets, Konstantin Bureiko and Robert Maddox September 12, 2022

Russia has enacted amendments to its Personal Data Law (the “Amendments”) that may have a significant impact on companies operating in Russia. The Amendments became effective on September 1, 2022, save…

Artificial Intelligence

What the ADPPA Means for U.S. Data Regulation

By: Avi Gesser, Paul D. Rubin, Johanna Skrzypczyk, Alessandra G. Masciandaro and Michael R. Roberts July 12, 2022

On June 21, 2022, the House Energy and Commerce Committee formally introduced a new federal privacy bill: the American Data Privacy and Protection Act (“ADPPA”). Notably, the ADPPA has diverse…

Artificial Intelligence

Why Ethical AI Initiatives Need Help from Corporate Compliance

By: Bruce Yannett, Avi Gesser, Douglas Zolkind, Anna Gressel and Adele Stichel April 4, 2022

Artificial intelligence (AI) is becoming part of the core business operations at many companies. This widespread adoption of AI has led to a proliferation of corporate “ethical AI” principles and…

Artificial Intelligence

Debevoise Discusses AI and Civil Liability at the Athens Roundtable on AI and the Rule of Law (Recording Now Available)

By: Anna Gressel and Jim Pastore March 30, 2022

On December 7, 2021, Anna Gressel and Jim Pastore from Debevoise’s Data Strategy and Security and Commercial Litigation Groups participated in the third edition of the “The Athens Roundtable on Artificial…

CISA

New Cyber Incident Reporting Coming for Critical Infrastructure: Five Key Takeaways

By: Luke Dembosky, Avi Gesser, HJ Brehmer and Stephanie Thomas March 16, 2022

On March 15, 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Act”) into law, requiring critical infrastructure entities to report covered cybersecurity incidents…