data privacy

On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. AI has been a strategic priority for the ICO for several years. In 2020, the ICO published its first set of guidance on AI (as discussed in our blog post here) which it complemented with supplementary recommendations on Explaining Decisions Made with AI and an AI and Data Protection risk toolkit in 2022. The updated Guidance forms part of the UK’s wider efforts to adopt a “pro-innovation” approach to AI regulation which will require existing regulators to take responsibility for promoting and overseeing responsible AI within their sectors (for further information on the UK Government’s approach to AI regulation, see our blog post here).

The updated Guidance covers the ICO’s view of best practice for data protection-compliant AI, as well as how the ICO interprets data protection law in the context of AI systems that process personal data. The Guidance has been restructured in line with the UK GDPR’s data protection principles, and features new content, including guidance on fairness, transparency, lawfulness and accountability when using AI systems.Continue Reading UK ICO Updates Guidance on Artificial Intelligence and Data Protection

On 29 March 2023, the UK Government published a White Paper entitled “A pro-innovation approach to AI regulation” (“White Paper”). The White Paper elaborates on the approach to AI set out by the Government in its 2022 AI Governance and Regulation Policy Statement (“Policy Statement” – covered in our blog post here). This announcement comes following the Government’s commitments, in the Spring Budget 2023, to build an expert taskforce to develop the UK’s capabilities in AI foundation models and produce guidance on the relationship between intellectual property law and generative AI (for more details of these initiatives, see here).

In its White Paper, the UK Government confirms that, unlike the EU, it does not plan to adopt new legislation to regulate AI, nor will it create a new regulator for AI (for further details on the EU’s proposed AI regulation see our blog posts here and here). Instead, the UK would require existing regulators, including the UK Information Commissioner’s Office (“ICO”), to take responsibility for the establishment, promotion, and oversight of responsible AI in their respective sectors. Regulators’ activities would be reinforced by the establishment of new support and oversight functions within central Government. This approach is already beginning to play out in certain regulated areas in the UK. For example, in October 2022, the Bank of England and Financial Conduct Authority (“FCA”) jointly released a Discussion Paper on Artificial Intelligence and Machine Learning considering how AI in financial services should be regulated and, in March 2023, the ICO updated its Guidance on AI and Data Protection.  Continue Reading UK Government Adopts a “Pro-Innovation” Approach to AI Regulation

On January 26, 2023, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Artificial Intelligence Risk Management Framework (the “Framework”) guidance document, alongside a companion AI RMF Playbook that suggests ways to navigate and use the Framework.  The goal of the Framework is to provide a resource to organizations “designing, developing, deploying, or using AI systems to help manage the many risks of AI and promote trustworthy and responsible development and use of AI systems.”  NIST aims for the Framework to offer a practical resource that can be adapted as the AI technologies continue to develop.  The release of the Framework follows the release of previous drafts and opportunities for public comment.  An initial draft of the Framework was released in March 2022 and a second draft was released in August 2022, prior to the official launch of version 1.0 of the Framework (NIST AI 100-1).Continue Reading NIST Releases New Artificial Intelligence Risk Management Framework

On November 3, the FTC announced that it entered into a significant $100 million settlement with Vonage to resolve allegations relating to the internet phone service provider’s sales and autorenewal practices. The FTC alleged that Vonage violated both the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA) by failing to provide a simple cancellation mechanism, failing to disclose material transaction terms prior to obtaining consumers’ billing information, and charging consumers without consent.Continue Reading FTC Flexes ROSCA Muscle with $100 Million “Dark Patterns” Settlement with Vonage

This quarterly update summarizes key federal legislative and regulatory developments in the first quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in the States.  In the first quarter of 2022, Congress and the Administration focused on required assessments and funding for AI, restrictions on targeted advertising using personal data collected from individuals and connected devices, creating rules to enhance CAV safety, and children’s privacy topics.
Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – First Quarter 2022

In 2021, European lawmakers and agencies issued a number of proposals to regulate artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAV”), and data privacy, as well as reports and funding programs to pursue the developments in these emerging areas.  From the adoption of more stringent cybersecurity standards for IoT devices
Continue Reading EMEA IoT & CAV Legislative and Regulatory Roundup 2021 and Forecast 2022

The EU was particularly active in furthering its digital strategy in 2021, and will likely continue this high level of activity into 2022.  Below, we briefly summarize last year’s key legislative and regulatory updates from the EU across the following areas:

  1. data transfers;
  2. cookies (and alike) and unsolicited marketing communications;
  3. cybersecurity;
  4. open data;
  5. intermediary services;


Continue Reading EMEA Legislative and Regulatory Privacy Roundup 2021 and Forecast 2022

In 2021, countries in EMEA continued to focus on the legal constructs around artificial intelligence (“AI”), and the momentum continues in 2022. The EU has been particularly active in AI—from its proposed horizontal AI regulation to recent enforcement and guidance—and will continue to be active going into 2022. Similarly, the UK follows closely behind with
Continue Reading EMEA AI Legislative and Regulatory Roundup 2021 and Forecast 2022

As 2021 comes to a close, we will be sharing the key legislative and regulatory updates for artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and privacy this month.  Lawmakers introduced a range of proposals to regulate AI, IoT, CAVs, and privacy as well as appropriate funds to study developments in these emerging spaces.  In addition, from developing a consumer labeling program for IoT devices to requiring the manufacturers and operators of CAVs to report crashes, federal agencies have promulgated new rules and issued guidance to promote consumer awareness and safety.  We are providing this year-end round up in four parts.  In this post, we detail IoT updates in Congress, the states, and federal agencies.
Continue Reading U.S. AI and IoT Legislative Update – Year-End 2021

As 2021 comes to a close, we will be sharing the key legislative and regulatory updates for artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and privacy this month.  Lawmakers introduced a range of proposals to regulate AI, IoT, CAVs, and privacy as well as appropriate funds to study developments in these emerging spaces.  In addition, from developing a consumer labeling program for IoT devices to requiring the manufacturers and operators of CAVs to report crashes, federal agencies have promulgated new rules and issued guidance to promote consumer awareness and safety.  We are providing this year-end round up in four parts.  In this post, we detail CAV updates in Congress and federal agencies.
Continue Reading U.S. AI and IoT Legislative Update – Year-End 2021