Photo of Jayne Ponder

Jayne Ponder

Jayne Ponder is an associate in the firm's Washington, DC office and a member of the Data Privacy and Cybersecurity Practice Group. Jayne’s practice focuses on a broad range of privacy, data security, and technology issues. She provides ongoing privacy and data protection counsel to companies, including on topics related to privacy policies and data practices, the California Consumer Privacy Act, and cyber and data security incident response and preparedness.

On September 8, 2023, Senators Richard Blumenthal (D-CT) and Josh Hawley (R-MO), Chair and Ranking Member of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law, announced a new bipartisan framework for artificial intelligence (“AI”) legislation.  Senator Blumenthal said, “This bipartisan framework is a milestone – the first tough, comprehensive legislative blueprint for real, enforceable AI protections. It should put us on a path to addressing the promise and peril AI portends.” He also told CTInsider that he hopes to have a “detailed legislative proposal” ready for Congress by the end of this year.Continue Reading Senators Release Bipartisan Framework for AI Legislation

On July 13, 2023, the Cybersecurity Administration of China (“CAC”), in conjunction with six other agencies, jointly issued the Interim Administrative Measures for Generative Artificial Intelligence Services (《生成式人工智能管理暂行办法》) (“Generative AI Measures” or “Measures”) (official Chinese version here).  The Generative AI Measures are set to take effect on August 15, 2023. 

As the first comprehensive AI regulation in China, the Measures cover a wide range of topics touching upon how Generative AI Services are developed and how such services can be offered.  These topics range from AI governance, training data, tagging and labeling to data protection and user rights.  In this blog post, we will spotlight a few most important points that could potentially impact a company’s decision to develop and deploy their Generative AI Services in China.

This final version follows a first draft which was released for public consultation in April 2023 (see our previous post here). Several requirements were removed from the April 2023 draft, including, for example, the prohibition of user profiling, user real-name verification, and the requirement to take measures within three months through model optimization training to prevent illegal content from being generated again.  However, several provisions in the final version remain vague (potentially by design) and leave room to future regulatory guidance as the generative AI landscape continues to evolve.Continue Reading Key Takeaways from China’s Finalized Generative Artificial Intelligence Measures

This quarterly update summarizes key legislative and regulatory developments in the second quarter of 2023 related to key technologies and related topics, including Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), data privacy and cybersecurity, and online teen safety.Continue Reading U.S. Tech Legislative & Regulatory Update – Second Quarter 2023

On June 30, 2023, a Superior Court of California (County of Sacramento, case number 34-2023-80004106-CU-WM-GDS) held that enforcement of the California Privacy Protection Agency’s (“CPPA”) regulations cannot commence until one year after the finalized date of the regulations.  However, the court declined to delay the CPPA’s ability to enforce violations of the underlying ballot initiative.

On June 30, 2023, the Delaware general assembly passed the Delaware Personal Data Privacy Act (“DPDPA”), H.B. 154.  This bill resembles the comprehensive privacy statutes in Connecticut, Montana, and the recently passed bill in Oregon, though there are some notable distinctions.  If signed into law, Delaware will be the latest state to implement

On June 22, 2023, the Oregon state legislature passed the Oregon Consumer Privacy Act, S.B. 619 (the “Act”).  This bill resembles the comprehensive privacy statutes in Colorado, Montana, and Connecticut, though there are some notable distinctions.  If passed, Oregon will be the twelfth state to implement a comprehensive privacy statute, joining California, Virginia, Colorado, Connecticut

The Connecticut legislature passed Connecticut SB 3 on June 2, 2023.  If enacted by the governor, the bill would amend the Connecticut Data Privacy Act (“CTDPA”) to include a number of provisions related to health and minors’ data. Additional detail on the CTDPA can be found in our previous blog post here.

The health-related provisions would take effect on July 1, 2023.  Most provisions related to minors’ data would take effect on October 1, 2024.  However, requirements that social media platforms “unpublish” or delete certain minors’ accounts would come into effect on July 1, 2024.

As reflected in this bill, state legislatures appear increasingly focused on health privacy.  Connecticut’s bill comes on the heels of Nevada’s SB 370, which the Nevada legislature passed, and which, if enacted would impose requirements on consumer health data.  Both the Nevada and Connecticut bill resemble Washington’s My Health My Data Act, although they appear generally narrower in scope.  For additional detail on Washington’s My Health My Data Act, please review our blog post hereContinue Reading Connecticut Legislature Passes Amendments to the Connecticut Data Privacy Act

On May 1, 2023, the White House Office of Science and Technology Policy (“OSTP”) announced that it will release a Request for Information (“RFI”) to learn more about automated tools used by employers to “surveil, monitor, evaluate, and manage workers.”  The White House will use the insights gained from the RFI to create policy and best practices surrounding the use of AI in the workplace.Continue Reading White House Issues Request for Comment on Use of Automated Tools with the Workforce

On April 25, 2023, four federal agencies — the Department of Justice (“DOJ”), Federal Trade Commission (“FTC”), Consumer Financial Protection Bureau (“CFPB”), and Equal Employment Opportunity Commission (“EEOC”) — released a joint statement on the agencies’ efforts to address discrimination and bias in automated systems. Continue Reading DOJ, FTC, CFPB, and EEOC Statement on Discrimination and AI