Regulatory Enforcement

Building off of the momentum from last year’s torrent of new comprehensive state privacy laws, 2024 has begun with a bang as two more states have now entered the picture. On January 16, 2024, New Jersey became the latest state to enact comprehensive privacy legislation with the New Jersey Data Privacy Act (NJDPA). New Hampshire’s state legislature quickly followed suit by passing Senate Bill 255 and it is currently awaiting finalization before becoming law.Continue Reading Two New States Enter the Privacy Fray

California Attorney General Rob Bonta announced an investigatory sweep into popular streaming apps and devices, timed to coincide with Data Privacy Day on January 28. The California Attorney General’s Office explained that it is sending letters to such streaming services alleging a failure to comply with the requirement to offer an easy mechanism to opt out of the sale or sharing of personal information under the California Consumer Privacy Act (CCPA).Continue Reading California Announces Sweep on Streaming Services and More Enforcement To Come

The White House recently issued its most extensive policy directive yet concerning the development and use of artificial intelligence through a 100-plus-page Executive Order titled “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” and accompanying “Fact Sheet” summary.

Following in the footsteps of last year’s Blueprint for AI Bill

Among the many open questions about large-language models (LLMs) and generative artificial intelligence (AI) are the legal risks that may result from AI-generated content. While AI-specific regulation remains pending and continues to develop in jurisdictions around the world, the following article provides a high-level summary of illegal and harmful content risks under existing law, as well as mitigations that companies may wish to consider when developing baseline models and consumer-facing generative AI tools. (For copyright and intellectual property (IP)-related issues, see Perkins Coie Updates.)Continue Reading Generative AI: How Existing Regulation May Apply to AI-Generated Harmful Content

The UK Online Safety Bill was passed by Parliament earlier this week and is expected to soon become law through royal assent. The Online Safety Act (UK OSA) will impose a series of sweeping obligations, including risk assessment, content moderation, and age assurance requirements, on a variety of online services that enable user-generated content, including but not limited to social media and search providers.

Among the most notable aspects of the UK OSA are its “duties of care.” The law will impose a series of affirmative obligations to assess and mitigate safety risks.Continue Reading UK Parliament Passes a Sweeping and Controversial Online Safety Bill

The New York City Department of Consumer and Worker Protection (DCWP) adopted final rules for Local Law 144 on April 6, 2023. This landmark law prohibits employers from using automated employment decision tools (AEDTs) to evaluate job candidates or employees when making employment decisions, unless certain bias audit and notice requirements are met. Enforcement of

International, federal, and state privacy regulators highlighted their ambitious agendas at the 2023 IAPP Global Privacy Summit in Washington, D.C. They, along with speakers from an array of private organizations, underscored the following takeaways that should be top of mind for businesses:Continue Reading Ten Takeaways From the 2023 IAPP Global Privacy Summit

Artificial Intelligence (AI) and automated systems can increase efficiency and help reduce human error. However, the National Institute of Standards and Technology (NIST), the White House, and the Equal Employment Opportunity Commission (EEOC) are warning companies that uncritical reliance on AI can have legal consequences, including potentially building in bias that can lead to claims

This is the second in a series of updates addressing the bilateral data access agreement (Data Access Agreement or agreement) between the United States and the United Kingdom under the Clarifying Lawful Overseas Use of Data Act (CLOUD Act). The agreement, which entered into force on October 3, 2022, is designed to facilitate cross-border criminal