On April 8, the Department of Justice’s (“DOJ’s”) final rule on Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “Rule”) formally took effect. ...more
4/21/2025
/ Compliance Dates ,
Covered Person ,
Covered Transactions ,
Data Security ,
Department of Justice (DOJ) ,
Effective Date ,
Enforcement Actions ,
Executive Orders ,
Final Rules ,
International Data Transfers ,
National Security ,
Risk Management ,
Sensitive Personal Information
Securing American leadership on artificial intelligence (AI) is a top priority for the Trump Administration. Although changes brought by the Trump Administration are certain to result in regulatory changes across the federal...more
4/3/2025
/ Artificial Intelligence ,
Critical Infrastructure Sectors ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Energy Policy ,
Executive Orders ,
Infrastructure ,
Innovation ,
National Security ,
Regulatory Agenda ,
Trump Administration
On February 20, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act (HB 2094), a bill that aims to prevent algorithmic discrimination by imposing requirements on businesses that...more
On January 13, 2025, the California AG’s Office (“AGO”) issued two legal advisories regarding the application of existing California law to AI generally as well as the use of AI specifically in healthcare....more
1/30/2025
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Automated Systems ,
Data Privacy ,
Discrimination ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance ,
Insurance Industry ,
Privacy Laws ,
State Attorneys General
In the final days of the Biden Administration, the U.S. Department of Health and Human Services Office for Civil Rights (“HHS OCR”) remained active in resolving a large number of investigations, reflecting the agency’s...more
On January 8, the Department of Justice (DOJ) published its final Rule implementing Executive Order 14117 (EO), “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by...more
On October 11, 2024, the U.S. Department of Defense (DoD) at long last published a final rule establishing the Cybersecurity Maturity Model Certification (CMMC) Program (the Final Rule)...more
On September 25, 2024, the Federal Trade Commission (FTC) announced the launch of “Operation AI Comply,” an initiative created to tackle unfair and deceptive business practices involving the use of artificial intelligence...more
Artificial intelligence (AI) has been a hot topic in state legislatures across the country over the past year. As is common with technology-related issues, California has taken the lead in regulating the AI space. The...more
On July 26, 2024, the National Institute for Standards and Technology (“NIST”), part of the Department of Commerce, released guidelines, a global engagement plan, and software covering various aspects of AI technology...more
On July 23, the European Commission, US Department of Justice, US Federal Trade Commission, and UK Competition and Markets Authority released a joint statement setting out shared principles on competition in markets that...more
7/26/2024
/ Algorithms ,
Artificial Intelligence ,
Competition ,
Data Collection ,
Department of Justice (DOJ) ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
Innovative Technology ,
Joint Policy Statements ,
Machine Learning ,
Personal Data ,
Technology Sector ,
UK ,
UK Competition and Markets Authority (CMA)
On Wednesday, May 8, the Colorado state legislature passed SB 205, a bill that is focused on preventing the discriminatory effects of high-risk artificial intelligence (AI)....more
On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more
5/13/2024
/ Biden Administration ,
Compliance ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
DFARS ,
Form 8-K ,
NPRM ,
Proposed Rules ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements
On March 13, 2024, the European Parliament adopted the Artificial Intelligence Act (AI Act). It is considered to be the world’s first comprehensive horizontal legal framework for AI. It provides for EU-wide rules on data...more
3/15/2024
/ Artificial Intelligence ,
EU ,
European Commission ,
European Parliament ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Member State ,
New Legislation ,
OECD ,
Risk Assessment ,
Technology Sector
Recently, New York Governor Kathy Hochul proposed sweeping artificial intelligence (AI) regulatory measures intended to protect against untrustworthy and fraudulent uses of AI. Presented as part of her FY 2025 Executive...more
3/6/2024
/ Algorithms ,
Artificial Intelligence ,
Biden Administration ,
Deep Fake ,
Executive Orders ,
General Elections ,
Health Care Providers ,
Hiring & Firing ,
New Legislation ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Oversight ,
State Legislatures ,
State Privacy Laws
On February 28, 2024, President Biden signed Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and U.S. Government-Related Data by Countries of Concern” (the EO), under the authority of the...more
3/4/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
China ,
Consumer Financial Protection Bureau (CFPB) ,
Data Transfers ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
International Emergency Economic Powers Act (IEEPA) ,
Rulemaking Process ,
Russia ,
Sensitive Personal Information
On Thursday, January 25, the Federal Trade Commission’s (FTC) Office of Technology hosted the FTC Tech Summit to discuss key developments in artificial intelligence (AI). The FTC brought together thought leaders from across...more
On December 19, 2023, the Federal Trade Commission (FTC) announced an enforcement action against the retail pharmacy Rite Aid for unfair practices associated with its use of a facial recognition technology (FRT) surveillance...more
1/15/2024
/ Artificial Intelligence ,
Biometric Information ,
Customer Privacy ,
Customers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Pharmacies ,
Retailers ,
Risk Assessment ,
Rite Aid ,
Surveillance ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
Our initial thoughts on the Biden Executive Order first appeared on WilmerHale’s Privacy and Cybersecurity Blog the day that the Executive Order was released.
On October 30, 2023, the Biden Administration issued its...more
11/13/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Department of Education ,
Department of Labor (DOL) ,
Department of Transportation (DOT) ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Health Care Providers ,
Intellectual Property Protection ,
National Security ,
NIST ,
Regulatory Agenda ,
Technology Sector
Today, the Biden Administration released its highly anticipated Executive Order on Safe, Secure and Trustworthy Artificial Intelligence, setting forth a broad vision of the Administration’s legal, regulatory, and policy...more
On June 21, 2023, Senate Majority Leader Chuck Schumer joined the Center for Strategic and International Studies (CSIS) to launch his SAFE Innovation Framework, a comprehensive approach to address challenges associated with...more
On June 5th, the Federal Trade Commission (FTC) announced a settlement with Microsoft over alleged violations of the Children’s Online Privacy Protection Act (COPPA) for its data practices involving its Xbox live product. ...more
6/21/2023
/ Amazon ,
Compliance ,
COPPA ,
Data Collection ,
Data Retention ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Parental Consent ,
Personal Information ,
Popular ,
Xbox
On May 18, the Federal Trade Commission (FTC) proposed changes to the Health Breach Notification Rule (the HBNR or the Rule), including clarifying the rule’s applicability to health apps and other similar technologies. These...more
On May 31, the Federal Trade Commission (FTC or Commission) announced two separate enforcement actions against Amazon—one involving its cloud-based voice service, Alexa, and the other involving Ring, its smart doorbell...more
6/7/2023
/ ALEXA ,
Amazon ,
Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Deletion ,
Data Privacy ,
Deceptive Intent ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Personal Data ,
Popular ,
Settlement ,
Unfair or Deceptive Trade Practices
On May 17, 2023, the Federal Trade Commission (the “FTC”) reached a settlement with Easy Healthcare Corporation (“Easy Healthcare”), for its fertility-tracking app, Premom. The agency alleged that Easy Healthcare failed to...more
5/25/2023
/ Corporate Counsel ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Health Apps ,
PHI ,
Policy Statement ,
Risk Mitigation