As robotics technology rapidly advances in connection with the use of artificial intelligence (AI), the collection, processing, and storage of personal information—including biometric data—will become increasingly common....more
“Dark patterns” have increasingly been the focus of legislative and regulatory scrutiny. Yet the phrase is never used in business. No business designs a website, mobile app, or business process with the instruction, “let’s...more
2/26/2025
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Disclosure Requirements ,
Endorsements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Privacy Laws ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
With the governor’s signature, Colorado has enacted a new consumer protection law focused on artificial intelligence (“AI”) systems. The “Colorado AI Act” will go into effect on February 1, 2026. It will have a minor impact...more
10/30/2024
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Colorado ,
Consumer Protection Laws ,
Disclosure Requirements ,
Enforcement ,
Financial Services Industry ,
Healthcare ,
Hiring & Firing ,
Machine Learning ,
Risk Management ,
Software Developers ,
State Attorneys General
This is part four of our examination of the European Union’s new artificial intelligence law, the (“EU AI Act”). In part one, we introduced the scope of the EU AI Act and discussed what types of AI systems are outright...more
With a growing number of states having passed comprehensive consumer data privacy laws (19 in total, with seven passed this year alone), state enforcement actions related to data privacy are growing increasingly common....more
9/25/2024
/ Application Programming Interface (APIs) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Enforcement ,
Operating System Developers ,
Opt-In ,
Opt-Outs ,
State Privacy Laws ,
Website Design
This is part three of our examination of the European Union’s new artificial intelligence law (the “EU AI Act”). In part one, we introduced the scope of the EU AI Act and discussed what types of AI systems are outright...more
On May 9, 2024, Governor Wes Moore signed the Maryland Online Data Privacy Act (MODPA) making Maryland the seventeenth state to enact a comprehensive data privacy law. The law takes effect October 1, 2025, but it does not...more
This is part two of our examination of the European Union’s new artificial intelligence law, the (“EU AI Act”). In part one, we introduced the scope of the EU AI Act and discussed what types of AI systems are outright...more
On May 9, 2024, Governor Wes Moore signed the Maryland Online Data Privacy Act (MODPA), making Maryland the seventeenth state to enact a comprehensive data privacy law. While similar in certain respects to most Virginia Model...more
As of May 1, Utah has joined the expanding patchwork of states with laws specifically targeting artificial intelligence (AI) systems. The Utah Artificial Intelligence Policy Act (UAIPA), signed into law in March of this year,...more
New cybersecurity guidance for artificial intelligence (AI) systems, available here, was recently issued jointly by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the National Security Agency’s...more
The European Union recently enacted its new artificial intelligence regulation, the (“EU AI Act”). The new law is expected to have a substantial impact on the AI industry, including on companies outside of the EU, much as...more
On January 29, 2024, the U.S. Department of Commerce’s (Department) Bureau of Industry and Security issued a notice of proposed rulemaking (Proposed Rule) that proposes a new Customer Identification Program (CIP) and other...more
On October 30, 2023, President Biden signed an Executive Order (EO) on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. The Biden-Harris Administration’s sweeping artificial intelligence (AI)...more
11/7/2023
/ Artificial Intelligence ,
Competition ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Deep Fake ,
Department of Homeland Security (DHS) ,
Discrimination ,
Executive Orders ,
IaaS ,
Innovation ,
Joe Biden ,
National Security ,
NIST ,
Office of Science ,
OMB ,
OSTP ,
Popular ,
U.S. Commerce Department
The rapid spread of Artificial Intelligence (AI) systems in recent years has overlapped with the enactment of comprehensive privacy laws by multiple U.S. states. Aside from being generally applicable to AI systems in the...more
9/22/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California Privacy Rights Act (CPRA) ,
Data Controller ,
Data Profiling ,
Disclosure Requirements ,
Online Gaming ,
Online Platforms ,
Opt-Outs ,
Personal Data ,
Reputational Injury ,
Social Media ,
State Privacy Laws
The European Union (EU) announced on July 10 that it had formally adopted the adequacy decision for the EU-U.S. Data Privacy Framework, which goes into effect on July 11. U.S. organizations have been without a...more
As the use of artificial intelligence (AI) rapidly expands throughout the private sector and government, the Biden administration has published a report titled A Blueprint for an AI Bill of Rights.
The report cites a myriad...more
The National Institute of Standards and Technology (NIST) recently released version 1.0 of its Artificial Intelligence Risk Management Framework.
There is an emerging consensus that AI systems present a significantly...more
5/3/2023
/ Artificial Intelligence ,
Autonomy ,
Bias ,
Federal Trade Commission (FTC) ,
Information Technology ,
Machine Learning ,
NIST ,
Privacy Laws ,
Reliability Standards ,
Risk Management ,
Safety Standards ,
Technology Sector ,
Transparency
The National Telecommunications and Information Administration (NTIA), an agency within the federal Department of Commerce which advises the President on telecommunications and information policy issues, recently issued a...more
With Governor Kim Reynolds signing S.F. 262 into law on March 29, 2023, Iowa became the sixth state to enact a comprehensive consumer privacy law. The text can be found here. The law goes into effect on January 1, 2025.
As...more
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules that would require public companies to report detailed information about material cybersecurity incidents affecting their business and...more
The Federal Financial Institutions Examination Council (FFIEC), an interagency body of leading financial regulators, including the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency,...more
This is the second installment of our summary of the Virginia Consumer Data Protection Act (“VCDPA”). In our first post, we covered the goals of the law as well as its applicability and thresholds, what qualifies as personal...more
Virginia recently joined California in enacting a comprehensive data protection law intended to protect the privacy of its residents. The Virginia Consumer Data Protection Act (the “VCDPA”) is scheduled to take effect on...more
5/11/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Sensitive Personal Information ,
Virginia