Photo of Jayne Ponder

Jayne Ponder

Jayne Ponder counsels national and multinational companies across industries on data privacy, cybersecurity, and emerging technologies, including Artificial Intelligence and Internet of Things.

In particular, Jayne advises clients on compliance with federal, state, and global privacy frameworks, and counsels clients on navigating the rapidly evolving legal landscape. Her practice includes partnering with clients on the design of new products and services, drafting and negotiating privacy terms with vendors and third parties, developing privacy notices and consent forms, and helping clients design governance programs for the development and deployment of Artificial Intelligence and Internet of Things technologies.

Jayne routinely represents clients in privacy and consumer protection enforcement actions brought by the Federal Trade Commission and state attorneys general, including related to data privacy and advertising topics. She also helps clients articulate their perspectives through the rulemaking processes led by state regulators and privacy agencies.

As part of her practice, Jayne advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.

On January 29, 2024, the Department of Commerce (“Department”) published a proposed rule (“Proposed Rule”) to require providers and foreign resellers of U.S. Infrastructure-as-a-Service (“IaaS”) products to (i) verify the identity of their foreign customers and (ii) notify the Department when a foreign person transacts with that provider or reseller to train a large artificial intelligence (“AI”) model with potential capabilities that could be used in malicious cyber-enabled activity. The proposed rule also contemplates that the Department may impose special measures to be undertaken by U.S. IaaS providers to deter foreign malicious cyber actors’ use of U.S. IaaS products.  The accompanying request for comments has a deadline of April 29, 2024.Continue Reading Department of Commerce Issues Proposed Rule to Regulate Infrastructure-as-a-Service Providers and Resellers

A new post on the Covington Inside Global Tech blog highlights key legislative, regulatory, and litigation developments in the fourth quarter of 2023 and early January 2024 related to technology issues.  These included developments related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), data privacy, and cybersecurity. As noted

Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Fourth Quarter 2023

Ahead of its December 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft risk assessment regulations.  The CPPA has yet to initiate the formal rulemaking process and has stated that it expects to begin formal rulemaking next year, at which time it will also consider draft regulations covering “automated decisionmaking technology” (ADMT), cybersecurity audits, and revisions to existing regulations.  Accordingly, the draft risk assessment regulations are subject to change.  Below are the key takeaways:Continue Reading CPPA Releases Draft Risk Assessment Regulations

Ahead of its December 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft “automated decisionmaking technology” (ADMT) regulations.  The CPPA has yet to initiate the formal rulemaking process and has stated that it expects to begin formal rulemaking next year.  Accordingly, the draft ADMT regulations are subject to change.  Below are the key takeaways:Continue Reading CPPA Releases Draft Automated Decisionmaking Technology Regulations

On October 30, 2023, days ahead of government leaders convening in the UK for an international AI Safety Summit, the White House issued an Executive Order (“EO”) outlining an expansive strategy to support the development and deployment of safe and secure AI technologies (for further details on the EO, see our blog here). As readers will be aware, the European Commission released its proposed Regulation Laying Down Harmonized Rules on Artificial Intelligence (the EU “AI Act”) in 2021 (see our blog here). EU lawmakers are currently negotiating changes to the Commission text, with hopes of finalizing the text by the end of this year, although many of its obligations would only begin to apply to regulated entities in 2026 or later.

The EO and the AI Act stand as two important developments shaping the future of global AI governance and regulation. This blog post discusses key similarities and differences between the two.Continue Reading From Washington to Brussels: A Comparative Look at the Biden Administration’s Executive Order and the EU’s AI Act

On October 3, the Federal Trade Commission (“FTC”) released a blog post titled Consumers Are Voicing Concerns About AI, which discusses consumer concerns that the FTC received via its Consumer Sentinel Network concerning artificial intelligence (“AI”) and priority areas the agency is watching.  Although the FTC’s blog post acknowledged

Continue Reading FTC Publishes Blog Post Summarizing Consumer Concerns with AI Systems

This quarterly update summarizes key legislative and regulatory developments in the third quarter of 2023 related to key technologies and related topics, including Artificial Intelligence (“AI”), connected and automated vehicles (“CAVs”), and data privacy and cybersecurity.Continue Reading U.S. Tech Legislative & Regulatory Update – Third Quarter 2023

On September 8, 2023, Senators Richard Blumenthal (D-CT) and Josh Hawley (R-MO), Chair and Ranking Member of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law, announced a new bipartisan framework for artificial intelligence (“AI”) legislation.  Senator Blumenthal said, “This bipartisan framework is a milestone – the first tough, comprehensive legislative blueprint for real, enforceable AI protections. It should put us on a path to addressing the promise and peril AI portends.” He also told CTInsider that he hopes to have a “detailed legislative proposal” ready for Congress by the end of this year.Continue Reading Senators Release Bipartisan Framework for AI Legislation

On July 13, 2023, the Cybersecurity Administration of China (“CAC”), in conjunction with six other agencies, jointly issued the Interim Administrative Measures for Generative Artificial Intelligence Services (《生成式人工智能管理暂行办法》) (“Generative AI Measures” or “Measures”) (official Chinese version here).  The Generative AI Measures are set to take effect on August 15, 2023. 

As the first comprehensive AI regulation in China, the Measures cover a wide range of topics touching upon how Generative AI Services are developed and how such services can be offered.  These topics range from AI governance, training data, tagging and labeling to data protection and user rights.  In this blog post, we will spotlight a few most important points that could potentially impact a company’s decision to develop and deploy their Generative AI Services in China.

This final version follows a first draft which was released for public consultation in April 2023 (see our previous post here). Several requirements were removed from the April 2023 draft, including, for example, the prohibition of user profiling, user real-name verification, and the requirement to take measures within three months through model optimization training to prevent illegal content from being generated again.  However, several provisions in the final version remain vague (potentially by design) and leave room to future regulatory guidance as the generative AI landscape continues to evolve.Continue Reading Key Takeaways from China’s Finalized Generative Artificial Intelligence Measures

This quarterly update summarizes key legislative and regulatory developments in the second quarter of 2023 related to key technologies and related topics, including Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), data privacy and cybersecurity, and online teen safety.Continue Reading U.S. Tech Legislative & Regulatory Update – Second Quarter 2023