As robotics technology rapidly advances in connection with the use of artificial intelligence (AI), the collection, processing, and storage of personal information—including biometric data—will become increasingly common....more
“Dark patterns” have increasingly been the focus of legislative and regulatory scrutiny. Yet the phrase is never used in business. No business designs a website, mobile app, or business process with the instruction, “let’s...more
2/26/2025
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Disclosure Requirements ,
Endorsements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
In 2024, the California legislature passed 17 laws related to artificial intelligence (AI). These new laws cover various themes and industries, including but not limited to deepfakes, training data disclosures, health care,...more
1/28/2025
/ Artificial Intelligence ,
California ,
Compliance ,
Data Privacy ,
Deep Fake ,
Disclosure Requirements ,
Entertainment Industry ,
Governor Newsom ,
Healthcare ,
New Legislation ,
Online Platforms ,
Regulatory Agenda ,
Social Media ,
Transparency
With the governor’s signature, Colorado has enacted a new consumer protection law focused on artificial intelligence (“AI”) systems. The “Colorado AI Act” will go into effect on February 1, 2026. It will have a minor impact...more
10/30/2024
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Colorado ,
Consumer Protection Laws ,
Disclosure Requirements ,
Enforcement ,
Financial Services Industry ,
Healthcare ,
Hiring & Firing ,
Machine Learning ,
Risk Management ,
Software Developers ,
State Attorneys General
On October 16, 2024, the New York Department of Financial Services (NYDFS) issued an Industry Letter that discusses the cybersecurity risks associated with the use of artificial intelligence (AI) and outlines strategies to...more
10/25/2024
/ Artificial Intelligence ,
Bad Actors ,
Covered Entities ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Collection ,
Deep Fake ,
NYDFS ,
Popular ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
This is part four of our examination of the European Union’s new artificial intelligence law, the (“EU AI Act”). In part one, we introduced the scope of the EU AI Act and discussed what types of AI systems are outright...more
This is part three of our examination of the European Union’s new artificial intelligence law (the “EU AI Act”). In part one, we introduced the scope of the EU AI Act and discussed what types of AI systems are outright...more
This is part two of our examination of the European Union’s new artificial intelligence law, the (“EU AI Act”). In part one, we introduced the scope of the EU AI Act and discussed what types of AI systems are outright...more
New cybersecurity guidance for artificial intelligence (AI) systems, available here, was recently issued jointly by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the National Security Agency’s...more
The European Union recently enacted its new artificial intelligence regulation, the (“EU AI Act”). The new law is expected to have a substantial impact on the AI industry, including on companies outside of the EU, much as...more
Since late June 2023, the California Privacy Protection Agency (CPPA) has been prohibited by court order from enforcing the regulations it finalized on March 29 of last year. According to that ruling, because the text of the...more
On October 10, Governor Gavin Newsom signed into law California’s most recent foray into the world of consumer data privacy: the Delete Act. Targeting so-called data brokers, the Act expands on regulations already in place...more
On July 26, 2023, the Securities and Exchange Commission (SEC) announced the adoption of final rules relating to cybersecurity risk management, strategy, governance, and incident disclosures. The new rules define a...more
The European Union (EU) announced on July 10 that it had formally adopted the adequacy decision for the EU-U.S. Data Privacy Framework, which goes into effect on July 11. U.S. organizations have been without a...more
On May 22, Ireland’s Data Protection Commission (DPC) announced that it had imposed a €1.2 billion fine on Meta Platforms for violating the European Union’s General Data Protection Regulation (GDPR) in its use of standard...more
With so much attention focused on the California Privacy Rights Act (CPRA) going into effect on January 1, 2023, it is not surprising that the enactment of another far-reaching California privacy law has flown beneath the...more
On June 4, 2021, the European Commission introduced the new set of Standard Contractual Clauses (“SCCs”), a primary mechanism for lawfully transferring personal data from Europe to the United States under the European Union’s...more
Meghan Stoppel, who spent over a decade serving as an Assistant Attorney General, and later a Consumer Protection Chief, to both Democratic and Republican state attorneys generals, talks to Andy Baer, Chair of Cozen...more
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules that would require public companies to report detailed information about material cybersecurity incidents affecting their business and...more
The Federal Financial Institutions Examination Council (FFIEC), an interagency body of leading financial regulators, including the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency,...more
On November 10, the European Data Protection Board (EDPB), the European Union’s top data privacy regulator, issued long-awaited guidance setting out a framework for navigating transfers of data out of the European Economic...more
On June 24, the eve of the July 1 enforcement date for the California Consumer Privacy Act (CCPA), the California Secretary of State certified the California Privacy Rights Act (CPRA), the latest brainchild of privacy...more