#HelloWorld. In this issue, we survey the tech industry’s private self-regulation—what model developers and online platforms have implemented as restrictions on AI usage. Also, one court in the U.S. hints at how much copying by an AI model is too much and the EU releases its most recent amendments to the AI Act. Let’s stay smart together.
Read more on The Artificial Intelligence Blog.
#HelloWorld. We originally thought this edition would focus on OpenAI’s attempts to self-regulate GPT usage, but the European Union had other plans for us. This past Thursday, news broke of an agreement to add generative AI tools to the AI Act, the EU’s centerpiece AI legislation. So today’s issue starts there, before discussing OpenAI’s and others’ recent announcements regarding training data access and usage.
On 17 April 2023, Decree No. 13/2023/ND-CP on personal data protection (PDPD) was officially issued by the Vietnamese Government. The long-awaited and controversial decree is set to be the first ever legal document with comprehensive regulations on both personal data and its protection in Vietnam. With an exception being the grace period of 2 years for SMEs, after 1 July 2023, the PDPD will be applicable to all entities located in Vietnam and/or outside Vietnam but directly con-ducting activities in relation to the processing of personal data in Vietnam.
To read the full text of this blog post by Duane Morris Vietnam partner Dr. Oliver Massmann, please visit the Duane Morris Vietnam Blog.
#HelloWorld. In this edition, momentum picks up in Congress, the executive branch, and the states to regulate AI, while more intellectual-property litigation may be on the horizon. Overseas, governments continue to be wary of the new large AI models. It’s getting complicated. Let’s stay smart together.
Read more on The Artificial Intelligence Blog.
The Federal Trade Commission’s proposed click to cancel rule requires companies to provide more detailed information and notices about cancelling automatic renewals, subscriptions, and memberships which are prevalent in online commerce. The proposed rule, titled Negative Option Rule, is at: https://www.ftc.gov/system/files/ftc_gov/pdf/p064202_negative_option_nprm.pdf
The goal of the proposed rule is to combat unfair or deceptive practices that include recurring charges for products or services consumers do not want and cannot cancel without undue difficulty. The FTC is currently seeking comments on the proposed rule until April 19, 2023.
The proposed rule would require canceling via a negative-option program to be easy and available through the same means as signing up. For example, if a company offers one-click membership sign-up through its website, then the company must also offer one-click cancellation through the same website.
Other substantive requirements of the proposed rule include annual reminders for customers of programs that do not involve the shipment of physical goods, pre-billing disclosure requirements, express consent for subscription terms separate from the rest of the transaction, and limits on the ability to offer special deals to customers attempting to cancel.
To help comply with this anticipated rule, companies should:
#HelloWorld. Welcome to the first edition of The AI Update. Every other week, we’ll provide you with a curated summary of the most relevant, impactful legal developments in the world of AI. Let’s stay smart together.
Read more on The Artificial Intelligence Blog.
Ephemeral messaging is short-lived, yet the data preservation and regulatory obligations remain.
Ephemeral messaging apps – like WhatsApp and SnapChat – are a form of digital communication available for a limited time and then deleted. The two key characteristics of ephemeral messaging are: (1) automated deletion of message content for both the sender and the receiver and (2) end-to-end encryption which enhances privacy by making it more difficult for hackers and others to read the encrypted data while it is in transition between devices.
The three degrees of ephemerality in messaging apps are:
The benefits of ephemeral messaging include:
The legal risks of ephemeral messaging include: (1) complying with subpoenas and (2) preservation of data when litigation is “reasonably anticipated”.
Subpoenas often define documents and communications broadly to capture all communications, including ephemeral messaging. Thus, the failure to preserve documents may result in an inability to fully comply with a subpoena and/or a criminal exposure, particularly if the subpoena was issued by the government.
Regarding the preservation of data, legal hold policies may need to be amended to address ephemeral messaging, including when a company is dealing with government regulators. See e.g., Federal Trade Commission v. Noland, et al., Case No. CV-20-00047-PHX-DWL (D. Ariz. 2021) (sanctioning defendants for installing and using ephemeral messaging after learning they were investigation targets).
Some regulators caution against the use of ephemeral messaging. For example:
Accordingly, establishing adequate and effective corporate compliance programs are important, including:
In sum, although ephemeral messaging is short-lived, the consequences – of failing to comply with data preservation and regulatory obligations – may be long lasting.
Daily news reports about ChatGPT are ubiquitous. Can it replace legal tasks undertaken by humans (with law degrees and state bar licenses)? Can lawyers use it to enhance their legal work? Quite naturally, this raises the issue of whether ChatGPT will make its way into class action litigation – where the stakes are enormous, and the workloads of lawyers involved in those cases are enormous.
To read the full text of this post by Duane Morris attorney Brandon Spurlock, please visit the Duane Morris Class Action Defense Blog.
On the heels of holding that defendants’ use of session replay software did not constitute a violation of the California Invasion of Privacy Act, Judge William Alsup in Williams v. What If Holdings LLC and ActiveProspect Inc. has now denied the plaintiff’s request for leave to amend. In doing so, the court reaffirmed its previous holding that the plaintiff’s allegations only established that ActiveProspect’s use of session replay software functioned as a tool that supported What If’s management of its own website data, and not as a means of eavesdropping and aggregating information for ActiveProspect’s own purposes.
Read the full Alert on the Duane Morris LLP website.
Entering the conversation, the United States District Court for the Central District of California recently denied a motion to dismiss claims alleging that a website’s chat features and use of session replay software violate the California Invasion of Privacy Act (CIPA). Notably, this court rejected a forum selection clause in the website’s terms of use and went on to hold that allegations that the plaintiff shared “personal information” in the chat were sufficient to maintain a claim.
Read the full Alert on the Duane Morris LLP website.
