This quarterly update highlights key legislative, regulatory, and litigation developments in the first quarter of 2024 related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), and data privacy and cybersecurity. As noted below, some of these developments provide industry with the opportunity for participation and comment.Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – First Quarter 2024
OMB Issues First Governmentwide AI Policy for Federal Agencies
On March 28, the White House Office of Management and Budget (OMB) released guidance on governance and risk management for federal agency use of artificial intelligence (AI). The guidance was issued in furtherance of last fall’s White House AI Executive Order, which established goals to promote the safe, secure, and trustworthy use and development of AI systems.Continue Reading OMB Issues First Governmentwide AI Policy for Federal Agencies
Commissioner Remarks at FTC PrivacyCon 2024
The FTC convened its eighth annual privacy conference on March 6, 2024. The full transcript of the event can be found here. Both Chair Khan and Commissioner Bedoya provided remarks during the event that are likely to be considered provocative by many.Continue Reading Commissioner Remarks at FTC PrivacyCon 2024
California Attorney General Announces Second CCPA Settlement
The California Attorney General recently announced a settlement with DoorDash to resolve allegations that DoorDash violated the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA). Continue Reading California Attorney General Announces Second CCPA Settlement
California Appeals Court Vacates Enforcement Delay of CPPA Regulations
On February 9, the Third Appellate District of California vacated a trial court’s decision that held that enforcement of the California Privacy Protection Agency’s (“CPPA”) regulations could not commence until one year after the finalized date of the regulations. As we previously explained, the Superior Court’s order prevented the
Continue Reading California Appeals Court Vacates Enforcement Delay of CPPA RegulationsOMB Publishes Request for Information on Agency Privacy Impact Assessments
On January 30, 2024, the U.S. Office of Management and Budget (OMB) published a request for information (RFI) soliciting public input on how agencies can be more effective in their use of privacy impact assessments (PIAs) to mitigate privacy risks, including those “exacerbated by artificial intelligence (AI).” The RFI notes that federal agencies may develop or procure AI-enabled systems from the private sector that are developed or tested using personal identifiable information (PII), or systems that process or use PII in their operation. Among other things, the RFI seeks comment on the risks “specific to the training, evaluation, or use of AI and AI-enabled systems” that agencies should consider in conducting PIAs of those systems. Continue Reading OMB Publishes Request for Information on Agency Privacy Impact Assessments
Trends in AI: U.S. State Legislative Developments
U.S. policymakers have continued to express interest in legislation to regulate artificial intelligence (“AI”), particularly at the state level. Although comprehensive AI bills and frameworks in Congress have received substantial attention, state legislatures also have been moving forward with their own efforts to regulate AI. This blog post summarizes key themes in state AI bills introduced in the past year. Now that new state legislative sessions have commenced, we expect to see even more activity in the months ahead.Continue Reading Trends in AI: U.S. State Legislative Developments
Department of Commerce Issues Proposed Rule to Regulate Infrastructure-as-a-Service Providers and Resellers
On January 29, 2024, the Department of Commerce (“Department”) published a proposed rule (“Proposed Rule”) to require providers and foreign resellers of U.S. Infrastructure-as-a-Service (“IaaS”) products to (i) verify the identity of their foreign customers and (ii) notify the Department when a foreign person transacts with that provider or reseller to train a large artificial intelligence (“AI”) model with potential capabilities that could be used in malicious cyber-enabled activity. The proposed rule also contemplates that the Department may impose special measures to be undertaken by U.S. IaaS providers to deter foreign malicious cyber actors’ use of U.S. IaaS products. The accompanying request for comments has a deadline of April 29, 2024.Continue Reading Department of Commerce Issues Proposed Rule to Regulate Infrastructure-as-a-Service Providers and Resellers
U.S. Tech Legislative, Regulatory & Litigation Update – Fourth Quarter 2023
A new post on the Covington Inside Global Tech blog highlights key legislative, regulatory, and litigation developments in the fourth quarter of 2023 and early January 2024 related to technology issues. These included developments related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), data privacy, and cybersecurity. As noted
Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Fourth Quarter 2023CPPA Releases Draft Risk Assessment Regulations
Ahead of its December 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft risk assessment regulations. The CPPA has yet to initiate the formal rulemaking process and has stated that it expects to begin formal rulemaking next year, at which time it will also consider draft regulations covering “automated decisionmaking technology” (ADMT), cybersecurity audits, and revisions to existing regulations. Accordingly, the draft risk assessment regulations are subject to change. Below are the key takeaways:Continue Reading CPPA Releases Draft Risk Assessment Regulations