A replay of Tech Sector Sanctions, Export Controls and Foreign Investment Rules in the U.S., the U.K. and the EU is available for viewing.
A replay of Tech Sector Sanctions, Export Controls and Foreign Investment Rules in the U.S., the U.K. and the EU is available for viewing.
#HelloWorld. In this issue, we zoom in on the world of AI model training, looking at both dataset transparency and valuation news. Then we zoom out, highlighting Stanford’s helpful summary of 2023 AI regulations and hot-off-the-press ethical guidance on AI use for lawyers from the New York State Bar. It may be a grab bag, but it’s one worth grabbing. Let’s stay smart together.
Read more on The Artificial Intelligence Blog.
Duane Morris will present Get Smart with AI: Practical Impacts of the New EU AI Act, a webinar on risk mitigation strategies for AI use in business, presented by the Technology, Media and Telecom Industry Group’s Artificial Intelligence Team, on Thursday, May 16, 2024, from 11:00 a.m. to 12:00 p.m. Eastern time and 4:00 p.m. to 5:00 p.m. London time. REGISTER FOR THE WEBINAR. Continue reading “Webinar: Practical Impacts of the New EU AI Act”
Duane Morris’ Technology, Media and Telecom Industry Group will present a webinar, Tech Sector Sanctions, Export Controls and Foreign Investment Rules in the U.S., the U.K. and the EU, on Wednesday, April 24, 2024, at 12:00 p.m. Eastern time | 5:00 p.m. London time.
Our program provides an overview and analysis of the numerous and expanding U.S., U.K. and EU sanctions, export controls and foreign investment rules that the tech sector must navigate. To help companies in this increasingly complex landscape, we will provide strategic insights and compliance guidance on key regulations, developments and trends. REGISTER FOR THE WEBINAR.
Duane Morris LLP will hold a webinar, The Data Privacy and Security Landscape: Let’s Talk About Tech ‒ Wearable Fitness and Health Tech on Monday, November 6, 2023, from 12:30 p.m. to 1:30 p.m. Eastern time.
Wearable tech is everywhere—on your wrist, in your pocket, on your finger and even at work. With the ubiquity of fitness technology, what are the implications of these pervasive devices? How are companies collecting this data storing and protecting consumer information? What laws and regulations are in place as device use continues to expand? Join our panelists for a discussion on the current state and future of wearable fitness and health tech, including:
Frederick R. Ball, Partner
Neville M. Bilimoria, Partner
Sheila Raftery Wiggins, Partner
Digital data is becoming a hot commodity these days because it enables AI tools to do powerful things. Companies that offer content should keep up with the evolving technology and laws that can help them protect their online data.
As data becomes available online, it can be accessed in different ways leading to various legal issues. In general, one basis for protecting online data lies in the creativity of the data under the Copyright Act of 1976. Another basis lies in the technological barrier of the computer system hosting the data under the Computer Fraud and Abuse Act (CFAA) and Digital Millennium Copyright Act. It is also possible to protect online data based on contractual obligations or tort principles under state common law. In terms of the data, a company would need to consider its proprietary data and user-generated data separately, but any creative content is invariably entitled to copyright protection.
To read the full text of this article, please visit the Duane Morris Artificial Intelligence Blog.
On March 16, 2023, the United States Copyright Office (USCO) published Copyright Registration Guidance (Guidance) on generative AI[1]. In the Guidance, the USCO reminded us that it “will not register works produced by a machine or mere mechanical process that operates randomly or automatically without any creative input or intervention from a human author.” This statement curiously conjures the notion of a machine creating copyrightable works autonomously.
While the operation of a machine, or specifically the execution of the underlying AI technology, may be largely mechanical with little human involvement, the design of the AI technology can take significant human effort. If we look at protecting human works that power machines as intellectual property in the broad context where AI has been applied, just like authorship has been an issue when an AI technology is used in creating copyrightable subject matter, inventorship has been an issue when an AI technology is used in generating an idea that may be eligible for patent protection.
To read the full text of this article, please visit the Duane Morris Artificial Intelligence Blog.
Three federal agencies jointly issued a guidance that banks are expected to monitor their financial technology partners to ensure compliance with privacy, fair lending, and anti-money laundering laws.
The “Interagency Guidance on Third-Party: Risk Management” was issued jointly by: (1) Board of the Federal Reserve System [OP-1752], (2) Department of the Treasury Office of the Comptroller of the Currency [OCC-2021-0011], and (3) Federal Deposit Insurance Corporation [RIN 3064-ZA26], with a final guidance date of June 6, 2023 (“Guidance”). The Guidance offers the three U.S. agencies’ views on sound risk management principles for banking organizations when developing and implementing risk management practices for all stages in the life cycle of third-party relationships.
Prior guidance is rescinded and replaced by the Guidance
The Guidance rescinds and replaces the following previously issued guidance by the three federal agencies:
The Guidance seeks to establish a consistent approach which puts the onus on banks to obtain information from and ensure compliance from its third-party fintech relationships. In other words, banks are responsible for knowing how their fintech partners: (1) are operating and (2) are complying with applicable federal law.
Obligations concerning privacy laws and cross-border flow of information
The Guidance discusses factors to consider when evaluating whether to enter into a relationship with a third party, including the compliance of privacy laws. Regarding contracts between a bank and a foreign-based third party, the Guidance notes the importance of:
In sum, the 68-page Guidance sets forth a bank’s risk management obligations when contracting with third-party fintech. As privacy laws and cross-border flow of information continually increase, the Guidance sets forth the criteria to analyze within these contracts.
The Federal Trade Commission’s proposed click to cancel rule requires companies to provide more detailed information and notices about cancelling automatic renewals, subscriptions, and memberships which are prevalent in online commerce. The proposed rule, titled Negative Option Rule, is at: https://www.ftc.gov/system/files/ftc_gov/pdf/p064202_negative_option_nprm.pdf
The goal of the proposed rule is to combat unfair or deceptive practices that include recurring charges for products or services consumers do not want and cannot cancel without undue difficulty. The FTC is currently seeking comments on the proposed rule until April 19, 2023.
The proposed rule would require canceling via a negative-option program to be easy and available through the same means as signing up. For example, if a company offers one-click membership sign-up through its website, then the company must also offer one-click cancellation through the same website.
Other substantive requirements of the proposed rule include annual reminders for customers of programs that do not involve the shipment of physical goods, pre-billing disclosure requirements, express consent for subscription terms separate from the rest of the transaction, and limits on the ability to offer special deals to customers attempting to cancel.
To help comply with this anticipated rule, companies should:
Ephemeral messaging is short-lived, yet the data preservation and regulatory obligations remain.
Ephemeral messaging apps – like WhatsApp and SnapChat – are a form of digital communication available for a limited time and then deleted. The two key characteristics of ephemeral messaging are: (1) automated deletion of message content for both the sender and the receiver and (2) end-to-end encryption which enhances privacy by making it more difficult for hackers and others to read the encrypted data while it is in transition between devices.
The three degrees of ephemerality in messaging apps are:
The benefits of ephemeral messaging include:
The legal risks of ephemeral messaging include: (1) complying with subpoenas and (2) preservation of data when litigation is “reasonably anticipated”.
Subpoenas often define documents and communications broadly to capture all communications, including ephemeral messaging. Thus, the failure to preserve documents may result in an inability to fully comply with a subpoena and/or a criminal exposure, particularly if the subpoena was issued by the government.
Regarding the preservation of data, legal hold policies may need to be amended to address ephemeral messaging, including when a company is dealing with government regulators. See e.g., Federal Trade Commission v. Noland, et al., Case No. CV-20-00047-PHX-DWL (D. Ariz. 2021) (sanctioning defendants for installing and using ephemeral messaging after learning they were investigation targets).
Some regulators caution against the use of ephemeral messaging. For example:
Accordingly, establishing adequate and effective corporate compliance programs are important, including:
In sum, although ephemeral messaging is short-lived, the consequences – of failing to comply with data preservation and regulatory obligations – may be long lasting.