The key development from April must be the European Data Protection Board (“EDPB”) approving the draft UK adequacy decisions from the European Commission (the “Commission”). Companies will be relieved that they are one step closer towards maintaining the seamless flow of data between the EU and the UK. Other notable developments this month include the publication of the Commission’s highly…

Our three previous articles in this series on the future of AI regulation have discussed the RFI on AI issued by U.S. banking regulators, the draft EU AI regulation, and the FTC’s recent guidance on AI bias and fairness. In this fourth post, we have taken those important developments in AI regulation, along with some other recently issued guidance, and…

In our first post in this series on the future of AI regulation, we discussed the recent request for information (“RFI”) from U.S. federal banking regulators on the use of AI. Our second post addressed the European Commission’s draft AI legislation. In this third installment, we discuss the Federal Trade Commission’s (“FTC”) recent blog post entitled “Aiming for truth, fairness,…

On Monday, May 3, 2021, Anna Gressel and Avi Gesser from our Data Strategy and Security Group, had an interesting discussion with Stephen McDougall, Chief Counsel for Data and Privacy Law at Prudential Financial, on the Future of AI Regulation. During the webcast, we discussed several recent regulatory developments, including the European Commission’s Draft AI Regulation, the U.S. banking regulators’…

In this Part 2 of our series on the future of artificial intelligence (“AI”) regulation, we examine the draft EU legislation. Part 1 of the series (on U.S. banking regulators’ RFI) can be found here. Upcoming parts of this series will cover the recent FTC pronouncement on AI, as well as steps companies can take now to prepare their AI…

Several recent developments provide new insight into the future of artificial intelligence (“AI”) regulation. First, on March 29, 2021, five U.S. federal regulators published a request for information (“RFI”) seeking comments on the use of AI by financial institutions. Second, on April 19, the FTC issued a document entitled “Aiming for truth, fairness, and equity in your company’s use of…

On 1 March 2021, Federal Law No. 519-FZ on Amendments to the Federal Law on Personal Data dated 30 December 2020 (the “Law”) came into force. The Law places additional burdens on companies operating in Russia to obtain consents from individuals whose personal data will be posted on a publicly available website, for example, while creating a profile on a…

On April 14, 2021, the New York State Department of Financial Services (the “DFS”)  announced that its cyber enforcement action against National Securities Corporation (“National Securities”) has been resolved by a Consent Order that imposes a $3 million penalty. This is the latest step in the DFS’s very active cyber-enforcement agenda.  The charges against First American Title Insurance Company are…

March gave companies plenty to take stock of.  A multi-million euro fine for deficient vendor oversight, scrutiny of unlawful data transfers to a well-known U.S. email marketing service provider, and a €475,000 penalty for late reporting of a data breach affecting just a few thousand individuals, and more.  Here are our highlights of what you need to know. Spanish DPA…

On March 15, 2021, California’s Attorney General announced the adoption of updates to the regulations implementing the California Consumer Protection Act (“CCPA”).  The final (for now) regulations are available here. These latest updates are effective immediately. The version that took effect yesterday is substantially identical to the draft updates that the Attorney General proposed on December 10, 2020.  (We discussed…