A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest development to cause concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will likely fail if challenged before the Court of Justice of the European Union (CJEU).
In this week’s edition of Consumer Protection Dispatch, we look at the latest regulatory developments from the U.S. Department of Commerce, Consumer Financial Protection Bureau, and the Securities and Exchange Commission regarding data and AI.
On May 23, the House Subcommittee on Innovation, Data and Commerce advanced out of committee the American Privacy Rights Act (APRA), a draft piece of legislation to establish a federal data privacy standard in the United States. The legislation now moves to the full Energy and Commerce Committee for markup. Several changes were made in the draft legislation during the markup process, but the section containing a groundbreaking set of private right of action remains unchanged.
In the Cybersecurity Law Report, colleagues Jeewon K. Serrato, Shruti Bhutani Arora and Christine Mastromonaco discuss the details of the APRA’s private right of action, the remedies available to individuals and the preemptive effect of the APRA.
Click here to read the full article.
(The Consumer Protection Dispatch summarizes industry news and updates on emerging issues involving a variety of consumer protection issues including, but not limited to, data and AI.)
This week’s edition includes latest developments relating to AI laws passed by Colorado, Tennessee and Utah, U.S. Senate bipartisan working group on AI, a new privacy bill from Vermont and a new privacy law from Maryland, a new Colorado law protecting neural data, and updates from the California Privacy Protection Agency.
In a landmark decision, the U.S. Supreme Court confirmed that “[t]he Copyright Act entitles a copyright owner to obtain monetary relief for any timely infringement claim, no matter when the infringement occurred.” See Warner Chappell Music Inc. et al. v. Sherman Nealy et al., Case No. 22-1078 (May 9, 2024). The three-year statute of limitations in the Copyright Act does not bar copyright owners from recovering damages for infringement occurring more than three years ago if the lawsuit is filed within three years of discovering the infringement.
Developments in the world of name, image and likeness (NIL) rights continue to occur at an extremely swift pace.
Within the last two weeks, Virginia amended its existing NIL laws to significantly strengthen student-athlete NIL rights, and the NCAA adopted new NIL rules designed to allow schools to support student-athlete NIL endeavors. The NCAA also relaxed the NIL disclosure requirement adopted in January and announced it had selected Teamworks Innovations to build and maintain its NIL database.
The FCC’s recent introduction of a new Voluntary Cybersecurity Labelling Program for consumer Internet of Things (IoT) products reflects the continued desire by U.S. regulators to bolster the security of the ever-increasing number of internet-connected household items available to the public. UK and EU regulating authorities are no different, and are in the midst of introducing new cybersecurity requirements for the IoT.
Testing AI systems is essential for ensuring their effectiveness, reliability and safety in real-world applications. Companies can employ various mechanisms to rigorously evaluate their AI technologies.
In “Is Your AI Testing Tool a Breach of Contract Claim Waiting to Happen?”, colleagues Mia Rendar and Sam Reno explore how, as AI products grow in both popularity and technical complexity, and as robust testing tools become indispensable, the very utilization of such tools may unwittingly expose companies to legal risks.
The potential of artificial intelligence to transform industries is well-established, but what exactly does that mean for a specific industry?
For Pratt’s Energy Law Report, Robert A. James, Aimee P. Ghosh, Cara M. MacDonald and the Hon. Jerry McNerney take readers on a deeper dive exploring the opportunities, risks and regulations in the specific applications of artificial intelligence to renewable energy and to the electric power ecosystem into which renewables fit.
Read “Artificial Intelligence in Renewable Energy” now.
Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014, such services provided in the EU have been subject to the eIDAS Regulation, which aimed to create a predictable regulatory environment across the EU and ensure that interoperability across different EU Member States. The eIDAS Regulation’s complexity, inflexibility and perceived limitations resulted in limited adoption, while the COVID-19 pandemic simultaneously fueled an increased demand for electronic identification. Consequently, the European Commission committed to revising the eIDAS Regulation to establish an EU-wide attribute-based electronic identity framework, incorporating a government-issued digital identity wallet to eliminate the dependence on commercial authentication providers.
