In a new post on the Inside Class Actions blog, our colleagues discuss a new Illinois federal court decision, Gregg v. Cent. Transp. LLC, 2024 WL 4766297, at *3 (N.D. Ill. Nov. 13, 2024), which holds that the state’s recent amendment to its Biometric Information Privacy Act capping

Continue Reading Illinois Federal Court Rules BIPA Single-Violation Amendment Applies Retroactively

In a new post on the Inside Global Tech blog, our colleagues discuss the recently released draft of the Texas Responsible AI Governance Act (“TRAIGA”), which is expected to be introduced in the 2025 legislative session.  Modeled on the Colorado AI Act (SB 205) and the EU AI Act

Continue Reading Texas Legislature to Consider Sweeping AI Legislation in 2025

This quarterly update highlights key legislative, regulatory, and litigation developments in the third quarter of 2024 related to artificial intelligence (“AI”) and connected and automated vehicles (“CAVs”).  As noted below, some of these developments provide industry with the opportunity for participation and comment.Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Third Quarter 2024

On October 22, the National Institute of Standards and Technology (“NIST”) Internet of Things (“IoT”) Advisory Board released the Internet of Things Advisory Board Report, which concludes that IoT development has progressed more slowly than anticipated and identifies 26 findings that explain the slower pace of development and growth.  The Report offers 104 recommendations on how the government can help foster IoT development.  The Advisory Board provided this report to the IoT Federal Working Group emphasizing that an IoT transformation will boost U.S. economic growth, increase public safety and national resilience, create a more sustainable planet, individualize healthcare, foster equitable quality of life and well-being, and facilitate autonomous operations of our national infrastructure.  For background, the IoT Federal Working Group was established by Congress in 2020 and was charged with identifying policies and statutes inhibiting IoT development and consider recommendations of the Advisory Board. Continue Reading NIST Report and Recommendations on Fostering Development of the Internet of Things

On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter (the “Guidance”) highlighting the cybersecurity risks arising from the use of artificial intelligence (“AI”) and providing strategies to address these risks.  While the Guidance “does not impose any new requirements,” it clarifies how Covered Entities should address AI-related risks as part of NYDFS’s landmark cybersecurity regulation, codified at 23 NYCRR Part 500 (“Cybersecurity Regulation”).  The Cybersecurity Regulation, as revised in November 2023, requires Covered Entities to implement certain detailed cybersecurity controls, including governance and board oversight requirements.  Covered Entities subject to the Cybersecurity Regulation should pay close attention to the new Guidance not only if they are using or planning on using AI, but also if they could be subject to any of the AI-related risks or attacks described below. Continue Reading NYDFS Issues Industry Guidance on Risks Arising from Artificial Intelligence

On October 16, the Federal Trade Commission (“FTC”) announced a final “click-to-cancel” rule that amends the previous Negative Option Rule to “make it as easy for consumers to cancel their enrollment as it was to sign up.” The Rule also imposes extensive requirements regarding misrepresentations, disclosures, and consent, among others. Most of the provisions will go into effect 180 days after publication in the Federal Register. As of today, the final rule has not yet been published. This final rule is the culmination of a five-year proceeding including the FTC’s issuance of a notice of proposed rulemaking (“NPRM”) in March 2023 and an advanced notice of proposed rulemaking in October 2019. We previously analyzed the proposed rule presented in the NPRM.Continue Reading FTC Issues Final “Click-to-Cancel” Rule

Today, October 18, is the deadline for Member States to start to apply “NIS2” under national laws. NIS2 is the new cybersecurity law that builds on requirements under the prior NIS Directive. As previously reported, key elements of NIS2 include:

  • Broader scope of application – it covers a wide range
Continue Reading NIS2 Deadline Today

In the past few weeks, there have been significant developments relating to the “legitimate interests” legal basis under Article 6(1)(f) of the GDPR:

  • On 4 October 2024, the Court of Justice of the EU (“CJEU”) handed down its judgment in a case relating to the Royal Dutch Lawn
Continue Reading Five key takeaways from recent EU developments on the GDPR’s “legitimate interests” legal basis

On October 3, 2024, the European Commission published a report evaluating the effectiveness of existing EU consumer protection laws in protecting consumers in the digital space.  More specifically, the report assesses the effectiveness of the following three consumer protection laws: (i) the Unfair Commercial Practices Directive (“UCPD”); (ii) the Consumer Rights Directive (“CRD”); and (iii) the Unfair Contract Terms Directive (“UCTD”).  It also identifies and analyses the main provisions in the DSA, DMA, Data Act, and AI Act that are of particular relevance for protecting consumers in the digital environment.  The report is the result of the 2022 public consultation we mentioned in our previous blog post.Continue Reading EU Commission Publishes Report Assessing EU Consumer Laws and Paves Way for New and Stronger EU Consumer Law for the Digital Space

On September 20, 2024, California Governor Newsom signed into law SB 976, the Protecting Our Kids from Social Media Addiction Act (the “Act”). The Act defines and prohibits an “addictive internet-based service or platform” from providing an “addictive feed” to a minor unless the platform has previously obtained verifiable parental consent. The Act will take effect on January 1, 2025, and the California Attorney General will promulgate regulations on age assurance and parental consent by January 1, 2027. This post summarizes the law’s key provisions. The law includes several technical definitions and exceptions, which are explained at the end of this post.Continue Reading California Passes Law to Protect Minors from “Addictive Feeds”