Debevoise Data Blog – Page 44

Eight GDPR Questions when Adopting Generative AI

By: Avi Gesser, Robert Maddox, Friedrich Popp and Martha Hirst October 10, 2023

As businesses adopt Generative AI tools, they need to ensure that their governance frameworks address not only AI-specific regulations such as the forthcoming EU AI Act, but also existing regulations, including the EU and UK GDPR. In this blog post, we outline eight questions businesses may want to ask when developing or adopting new Generative AI tools or when considering…

The Final Colorado AI Insurance Regulations: What’s New and How to Prepare

By: Avi Gesser, Erez Liebermann, Eric Dinallo, Matt Kelly, Corey Goldstein, Stephanie Thomas, Samuel J. Allaman and Basil Fawaz October 3, 2023

On September 21, 2023, the Colorado Division of Insurance (the “DOI”) released its Final Governance and Risk Management Framework Requirements for Life Insurers’ Use of External Consumer Data and Information Sources, Algorithms, and Predictive Models (the “Final Regulation”). As discussed below, the Final Regulation (which becomes effective on November 14, 2023) reflects several small changes from the previous version of…

European Data Protection Roundup – August 2023

By: Robert Maddox, Friedrich Popp, Aisling Cowell, Stephanie Thomas, Tristan Lockwood, Melissa Muse, Melyssa Eigen, Maria Epishkina and David Z. Rochelle September 27, 2023

Key takeaways from August include: Conflicts of interest: Businesses should consider re-evaluating their data protection officer’s role and responsibilities, including dual roles on boards and committees, to prevent conflicts of interest arising in light of the Spanish AEPD’s €5,000 fine for related failures; Automated decision-making: Businesses need not disclose the algorithms used in automated decision-making in response to data subject access requests,…

UK Online Safety Bill Passed – An FAQ

By: Robert Maddox, Martha Hirst and Allegra De Lorenzo September 26, 2023

After years of deliberation, the UK passed its long-awaited Online Safety Bill (the “OS Bill”). It imposes content moderation requirements on certain online platforms and service providers to address illegal and harmful content. The OS Bill reflects a recent trend to scrutinise online platforms’ and service providers’ operations, particularly their interaction with children. For example, the UK ICO has made…

California Privacy Protection Agency Begins CCPA Rulemaking for Cybersecurity Audits

By: Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts and HJ Brehmer September 20, 2023

Earlier this month, staff at the California Privacy Protection Agency (the “Agency” or “CPPA”) put forward Draft Cybersecurity Audit Regulations (“the Draft”) for the CPPA Board’s consideration. While the Agency has yet to begin formal rulemaking, the Draft suggests an ambitious role for the Agency in setting cybersecurity norms for entities covered by the CCPA and echoes requirements found elsewhere…