Guarding Your Digital Data Against AI Incursion

Digital data is becoming a hot commodity these days because it enables AI tools to do powerful things. Companies that offer content should keep up with the evolving technology and laws that can help them protect their online data.

As data becomes available online, it can be accessed in different ways leading to various legal issues. In general, one basis for protecting online data lies in the creativity of the data under the Copyright Act of 1976. Another basis lies in the technological barrier of the computer system hosting the data under the Computer Fraud and Abuse Act (CFAA) and Digital Millennium Copyright Act. It is also possible to protect online data based on contractual obligations or tort principles under state common law. In terms of the data, a company would need to consider its proprietary data and user-generated data separately, but any creative content is invariably entitled to copyright protection.

To read the full text of this article, please visit the Duane Morris Artificial Intelligence Blog.

Autonomous AI and the Question of Creativity

On March 16, 2023, the United States Copyright Office (USCO) published Copyright Registration Guidance (Guidance) on generative AI[1]. In the Guidance, the USCO reminded us that it “will not register works produced by a machine or mere mechanical process that operates randomly or automatically without any creative input or intervention from a human author.” This statement curiously conjures the notion of a machine creating copyrightable works autonomously.

While the operation of a machine, or specifically the execution of the underlying AI technology, may be largely mechanical with little human involvement, the design of the AI technology can take significant human effort. If we look at protecting human works that power machines as intellectual property in the broad context where AI has been applied, just like authorship has been an issue when an AI technology is used in creating copyrightable subject matter, inventorship has been an issue when an AI technology is used in generating an idea that may be eligible for patent protection.

To read the full text of this article, please visit the Duane Morris Artificial Intelligence Blog.

Artificial Intelligence Updates – 06.14.23

#HelloWorld. Regulatory hearings and debates were less prominent these past two weeks, so in this issue we turn to a potpourri of private AI industry developments. The Authors Guild releases new model contract clauses limiting generative AI uses; big tech companies provide AI customers with a series of promises and tips, at varying levels of abstraction; and the Section 230 safe harbor is ready for its spotlight. Plus, ChatGPT is no barrel of laughs—actually, same barrel, same laughs. Let’s stay smart together.

Read more on The Artificial Intelligence Blog.

Privacy Laws + Banks + FinTech = New U.S. Guidance on Risk Management for Third-Party Relationships

Three federal agencies jointly issued a guidance that banks are expected to monitor their financial technology partners to ensure compliance with privacy, fair lending, and anti-money laundering laws.

The “Interagency Guidance on Third-Party: Risk Management” was issued jointly by: (1) Board of the Federal Reserve System [OP-1752], (2) Department of the Treasury Office of the Comptroller of the Currency [OCC-2021-0011], and (3) Federal Deposit Insurance Corporation [RIN 3064-ZA26], with a final guidance date of June 6, 2023 (“Guidance”).  The Guidance offers the three U.S. agencies’ views on sound risk management principles for banking organizations when developing and implementing risk management practices for all stages in the life cycle of third-party relationships.

Prior guidance is rescinded and replaced by the Guidance

The Guidance rescinds and replaces the following previously issued guidance by the three federal agencies:

  • Board’s 2013 guidance: SR Letter 13-19/CA Letter 13-21, “Guidance on Managing Outsourcing Risk” (December 5, 2013, updated February 26, 2021)
  • FDIC’s 2008 guidance:  FIL-44-2008, “Guidance for Managing Third-Party Risk” (June 6, 2008)
  • OCC’s 2013 Guidance and its 2020 frequently asked questions: OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” and OCC Bulletin 2020-10, “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29.” Additionally, the OCC also issued foreign-based third-party guidance, OCC Bulletin 2002-16, “Bank Use of Foreign-Based Third-Party Service Providers: Risk Management Guidance,” which is not being rescinded but instead supplements the final guidance.

The Guidance seeks to establish a consistent approach which puts the onus on banks to obtain information from and ensure compliance from its third-party fintech relationships.  In other words, banks are responsible for knowing how their fintech partners: (1) are operating and (2) are complying with applicable federal law.

Obligations concerning privacy laws and cross-border flow of information 

The Guidance discusses factors to consider when evaluating whether to enter into a relationship with a third party, including the compliance of privacy laws.  Regarding contracts between a bank and a foreign-based third party, the Guidance notes the importance of:

  • privacy laws
  • cross-border flow of information
  • choice-of law and jurisdictional provisions that provide dispute adjudication

In sum, the 68-page Guidance sets forth a bank’s risk management obligations when contracting with third-party fintech.  As privacy laws and cross-border flow of information continually increase, the Guidance sets forth the criteria to analyze within these contracts.

 

 

How to Strengthen Your Company’s Online Data in the Age of AI

Digital data is becoming a hot commodity these days because it enables AI tools to do powerful things. Companies that offer content should keep up with the evolving technology and laws that can help them protect their online data.

As data becomes available online, it can be accessed in different ways leading to various legal issues. In general, one basis for protecting online data lies in the creativity of the data under the Copyright Act of 1976. Another basis lies in the technological barrier of the computer system hosting the data under the Computer Fraud and Abuse Act (CFAA) and Digital Millennium Copyright Act.

Read more on the Duane Morris Artificial Intelligence Blog.

FDA Issues Recommendations on Artificial Intelligence Software Functions

The U.S. Food and Drug Administration (FDA) has issued a draft guidance intended to promote the development of safe and effective medical devices that use a type of artificial intelligence (AI) known as machine learning (ML). The draft guidance further develops FDA’s least burdensome regulatory approach for AI/ML-enabled device software functions (ML-DSFs), which aims to increase the pace of innovation while maintaining safety and effectiveness.

Read the full Alert on the Duane Morris website.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress