On August 27, 2020, Vincent Pitaro of the Hedge Fund Law Report published: Debevoise Attorneys Discuss AI Regulation With of FINRA’s Office of Financial Innovation.  The article summarizes our discussion with Mr. Workie on: FINRA’s Office of Financial Innovation and its report on AI Common uses of AI in the securities industry Regulatory and reputational risks associated with AI How…

The widespread criticism, and partial abandonment, of the algorithm that was used to evaluate UK students serves as useful reminder that corporate AI programs carry significant regulatory and reputational risks, and that careful planning, testing and governance are needed throughout the process to mitigate those risks. Background In March, due to the pandemic, UK authorities canceled the exams that students…

Competition v Privacy Competition and consumer authorities are increasingly considering the implications of digital platforms’ ownership and use of consumer data and whether concerns about harm to privacy are indicative of a lack of competition. For a long time the orthodoxy in the EU had been that competition authorities were sensitive to the possible issues of data concentration, but, equally,…

As we have discussed in recent webinars and blog posts, the New York Department of Financial Services has recently brought its first enforcement action under its cybersecurity rules (23 N.Y.C.R.R. Part 500).  When the NYDFS cyber rules were first enacted in 2017, they were widely regarded as the most comprehensive cybersecurity regulation in the United States. Almost all insurance companies…

On July 13, 2020, the Federal Trade Commission (“FTC”) hosted a virtual workshop on its proposed changes to the Standards for Safeguarding Customer Information (“Safeguards Rule”). The workshop followed up on the FTC’s 2019 notice of proposed rulemaking requesting public comment on its proposal to amend the Safeguards Rule. The workshop was intended to provide a forum to explore “the…

July was a busy month for data protection in the EU and UK.  While the long-awaited Schrems II decision captured the most headlines, data protection authorities (“DPAs”) and Member State courts have been busy too.  We cover here some of the highlights, ranging from a €16.7m fine in Italy – the fourth largest GDPR penalty to date – to court…

On August 6, 2020, Anna Gressel and Avi Gesser from Debevoise’s Data Strategy and Security Group, along with their special guest, Andrew Smith, the Director of the FTC’s Bureau of Consumer Protection, had an insightful conversation about the FTC’s recent guidance on Using Artificial Intelligence and Algorithms, including: The FTC’s enforcement authority related to AI and automated decision-making technologies, including…

As covered in our previous blog post, the CJEU has invalidated the EU-U.S. Privacy Shield for cross-border transfers of personal data from the EU to the U.S. (the “Schrems II” decision) and cast significant doubts over whether companies can continue to use the European Commission-approved Standard Contractual Clauses (“SCCs”) to transfer EU personal data to the U.S., or to other…

On July 23, 2020, Anna Gressel and Avi Gesser from Debevoise’s Data Strategy and Security Group, along with their special guest, Haimera Workie, the Head of Financial Innovation and Senior Director of FINRA’s Office of Financial Innovation, had an insightful conversation about FINRA’s recent report on Artificial Intelligence in the Securities Industry, including: How AI and machine learning are currently…

The New York State Department of Financial Services (“DFS”) issued a Statement of Charges and Notice of Hearing (the “Charges”) earlier today against First American Title Insurance Company (“First American”) for multiple violations of the DFS Part 500 Cybersecurity Regulation (the “Regulation”), including: Failure to perform an adequate risk assessment Failure to maintain proper access controls Failure to provide adequate security…