Internet of Things (IoT)

On September 11, 2024, the Federal Communications Commission (the “Commission”) opened the application window for entities seeking designation by the Commission as a Cybersecurity Labeling Administrator (“CLA”) and Lead Administrator.  These roles will help administer the Commission’s voluntary Internet of Things (“IoT”) cybersecurity labeling program, covered in previous blog posts from August and March of

Continue Reading FCC Opens Applications for IoT Cybersecurity Labeling Roles

On August 16, 2024, the U.S. Department of Transportation (the “USDOT”) announced the Saving Lives with Connectivity: A Plan to Accelerate V2X Deployment plan (the “Plan”). The Plan is intended to “accelerate the deployment” of vehicle-to-everything (“V2X”) technology and support USDOT’s goal of establishing a comprehensive approach to roadway fatality reduction. The Plan states that USDOT is “pursuing a comprehensive approach to reduce the number of roadway fatalities to the only acceptable number: zero.”

The Plan describes V2X technology as technology that “enables vehicles to communicate with each other, with road users such as pedestrians, cyclists, individuals with disabilities, and other vulnerable road users, and with roadside infrastructure, through wirelessly exchanged messages.” Such messages may contain information about vehicles’ location and actions and traffic conditions like weather, pavement conditions, work zones, and more. The Plan notes that currently deployed V2X technology has already demonstrated safety benefits on a small scale and calls for expanded deployment of such technology.

In a press release accompanying the Plan, U.S. Secretary of Transportation Pete Buttigieg said, “The Department has reached a key milestone today in laying out a national plan for the transportation industry that has the power to save lives and transform the way we travel … The Department recognizes the potential safety benefits of V2X, and this plan will move us closer to nationwide adoption of this technology.”Continue Reading USDOT Releases Plan to Accelerate V2X Deployment

This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through June 2024.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during July 2024.  It also describes key actions taken during July 2024 to implement President Biden’s Executive Order on Artificial Intelligence (the “AI EO”), particularly its provisions that impact cybersecurity, national security, and software supply chain security.Continue Reading July 2024 Developments Under President Biden’s Cybersecurity Executive Order, National Cybersecurity Strategy, and AI Executive Order

On July 30, 2024, the Federal Register published the Federal Communications Commission (the “FCC”) Report and Order (the “Order”) creating a voluntary cybersecurity labeling program for Internet of Things (“IoT”) devices.  As reported in our blog post issued shortly before the Order was approved on March 14, 2024, this program is intended to “provide consumers with an easy-to-understand and quickly recognizable FCC IoT Label that includes the U.S. Government certification mark (referred to as the U.S. Cyber Trust Mark).”  While there are several steps remaining to fully establish the program, this Order represents a significant milestone in policymakers’ efforts to launch a federal cybersecurity labeling program for internet connected devices.Continue Reading FCC Adopts Order Establishing Voluntary IoT Labeling Program

This quarterly update highlights key legislative, regulatory, and litigation developments in the second quarter of 2024 related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), and data privacy and cybersecurity. 

I.       Artificial Intelligence

Federal Legislative Developments

  • Impact Assessments: The American Privacy Rights Act of 2024 (H.R. 8818, hereinafter “APRA”) was formally introduced in the House by Representative Cathy McMorris Rodgers (R-WA) on June 25, 2024.  Notably, while previous drafts of the APRA, including the May 21 revised draft, would have required algorithm impact assessments, the introduced version no longer has the “Civil Rights and Algorithms” section that contained these requirements.
  • Disclosures: In April, Representative Adam Schiff (D-CA) introduced the Generative AI Copyright Disclosure Act of 2024 (H.R. 7913).  The Act would require persons that create a training dataset that is used to build a generative AI system to provide notice to the Register of Copyrights containing a “sufficiently detailed summary” of any copyrighted works used in the training dataset and the URL for such training dataset, if the dataset is publicly available.  The Act would require the Register to issue regulations to implement the notice requirements and to maintain a publicly available online database that contains each notice filed.
  • Public Awareness and Toolkits: Certain legislative proposals focused on increasing public awareness of AI and its benefits and risks.  For example, Senator Todd Young (R-IN) introduced the Artificial Intelligence Public Awareness and Education Campaign Act (S. 4596), which would require the Secretary of Commerce, in coordination with other agencies, to carry out a public awareness campaign that provides information regarding the benefits and risks of AI in the daily lives of individuals.  Senator Edward Markey (D-MA) introduced the Social Media and AI Resiliency Toolkits in Schools Act (S. 4614), which would require the Department of Education and the federal Department of Health and Human Services to develop toolkits to inform students, educators, parents, and others on how AI and social media may impact student mental health.

Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Second Quarter 2024

This week, the FTC published a blog post on the collection and use of consumer data in vehicles.  The FTC warned that “Car manufacturers—and all businesses—should take note that the FTC will take action to protect consumers against the illegal collection, use, and disclosure of their personal data” and provided a summary of some recent

Continue Reading FTC Publishes Blog Post on Cars and Consumer Data

Over the past few months, the Federal Trade Commission (“FTC”) has received requests from U.S. Senators asking the FTC to investigate the data collection practices of several automotive manufacturers.  Last week, Senators Ed Markey (D-MA) and Ron Wyden (D-OR) sent a letter to the FTC asking the agency to investigate several automakers for “deceiving their customers by falsely claiming to require a warrant or court order before turning over customer location data to government agencies.”  Among other things, the letter alleges inconsistent data collection and retention practices in the industry, asserting that some automakers only collect location data for a “critical safety event” (e.g., collision, air bag deployment, or automatic emergency braking event) while others “routinely collect[] and retain[] vehicle location data.”  The letter also states that only one automaker has a policy of informing consumers about legal demands for their data.  The letter refers to the FTC’s recent geolocation “crack down” in other contexts and urges “the FTC to investigate these auto manufacturers’ deceptive claims as well as their harmful data retention practices” and to, “in addition to taking appropriate action against the companies, . . . consider holding these companies’ senior executives accountable for their actions.”Continue Reading Data Collection by Auto Manufacturers under Scrutiny

A new post on the Covington Inside Privacy blog discusses remarks by California Privacy Protection Agency (CPPA) Executive Director Ashkan Soltani at the International Association of Privacy Professionals’ global privacy conference last week.  The remarks covered the CPPA’s priorities for rulemaking and administrative enforcement of the California Consumer Privacy Act, including with respect to connected

Continue Reading CPPA Executive Director Remarks on Policy and Enforcement Priorities

On March 14, the Federal Communications Commission (“FCC”) is expected to approve a Report and Order (“R&O”) that would create a voluntary cybersecurity labeling program for Internet of Things (“IoT”) devices.  As previewed in the Notice of Proposed Rulemaking (“NPRM”) released last August, which we covered here, this IoT Labeling Program would “provide consumers with an easy-to-understand and quickly recognizable FCC IoT Label that includes the U.S. government certification mark (referred to as the Cyber Trust Mark).”  

The R&O explains that the IoT Labeling Program would “help consumers make informed purchasing decisions, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards.”  It provides details about the program and how manufacturers can seek authority to use the FCC IoT Label:Continue Reading FCC Planning to Move Forward with Voluntary IoT Labeling Program

On August 10, the Federal Communications Commission (“FCC”) released a Notice of Proposed Rulemaking (“NPRM”) concerning the creation of a “voluntary cybersecurity labeling program that would provide easily understood, accessible information to consumers on the relative security of an IoT device or product, and assure consumers that manufacturers of devices bearing the Commission’s IoT cybersecurity label adhere to widely accepted cybersecurity standards.” The NPRM reflects the proposal previewed in Chairwoman Jessica Rosenworcel’s announcement last month, which we covered here.Continue Reading FCC Proposes Voluntary Cybersecurity Labeling Program for Smart Devices