Employment Legislation in Illinois Regulates BIPA and AI

In the span of 10 days in August 2024, Illinois Governor J.B. Pritzker signed into law a series of significant employment legislation, paving the way for a new employment landscape beginning in 2025 and 2026. The new legislation includes:

    • Adding new requirements for employers utilizing artificial intelligence in their decision-making processes, and imposing liability under the Illinois Human Rights Act if those AI systems create a discriminatory effect;
    • Passing long-awaited reforms to the Biometric Information Privacy Act  that limit the number of violations an individual may accumulate under the law

Read the full Alert on the Duane Morris website.

Changes to Illinois Biometric Data Law Lower Liability, but the Stakes Remain High

In recent years, a heavy question mark has weighed on companies that process biometric information as part of their standard operating procedures: What is our risk exposure?  On August 2, 2024, Illinois Governor J.B. Pritzker signed into law a bill passed by the Illinois Legislature in May to amend BIPA in a way that is expected to limit the risk exposure associated with violations. The amended text of BIPA now indicates that violations essentially occur on a per-person basis, not a per-scan basis. This is expected to yield a marked decrease in the number of violations for which a company may be liable, though penalties of up to $5,000 may still add up quickly where thousands of individuals or more are implicated. Read the full Alert on the Duane Morris website.

Embracing Artificial Intelligence in the Energy Industry

Last year, President Joe Biden signed Executive Order 14110 on the “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” Since the issuance of the executive order, a lot of attention has been focused on the provision requiring “the head of each agency with relevant regulatory authority over critical infrastructure … to assess potential risks related to the use of AI in critical infrastructure sectors involved, … and to consider ways to mitigate these vulnerabilities.” Naturally, government agencies generated numerous reports cataloging the well-documented risks of AI. At the same time, nearly every company has implemented risk-mitigation guidelines governing the use of artificial intelligence. To be sure, the risks of AI are real, from privacy and cybersecurity concerns, to potential copyright infringements, to broader societal risks posed by automated decision-making tools. Perhaps because of these risks, less attention has been focused on the offensive applications of AI, and relatedly, fewer companies have implemented guidelines promoting the use of artificial intelligence. Those companies may be missing out on opportunities to reduce legal risks, as a recent report by the Department of Energy highlights.

Read The Legal Intelligencer article by Duane Morris partners Phil Cha and Brian H. Pandya

Colorado Privacy Act’s Universal Opt-Out Provision Goes Into Effect July 1, 2024

While the Colorado Privacy Act (CPA) has already been in effect, as of July 1, 2024, companies that meet the threshold compliance criteria for CPA and that engage in the processing of personal data for purposes of targeted advertising or the sale of personal data (“covered entities”) must implement a universal opt-out mechanism, which allows users to more easily exercise their opt-out rights with these covered entities. Specifically, a universal opt-out mechanism allows a user to configure their internet browser settings, and as a result, the websites the user visits from that browser automatically receive the user’s opt-out signal. As of July 1, 2024, covered entities must recognize and honor a user’s opt-out preferences where communicated through a universal opt-out mechanism.

Read the full Alert  on the Duane Morris LLP website.

Texas Data Privacy and Security Act Coming July 1, 2024: What You Need to Know

In the absence of a federal comprehensive privacy law, states have been enacting their own in a sort of domino effect, creating a patchwork of compliance laws with their own nuances. The Texas Data Privacy and Security Act (TDPSA) is one of those new laws and goes into effect July 1, 2024, bringing Texas into the fold of U.S. states with a comprehensive data privacy law. While the TDPSA is similar to existing state data privacy laws, it has a unique threshold requirement that may broaden its reach compared to other states. Below are some key considerations that covered businesses should take into account to get ready for compliance with this upcoming new law. Read the full Alert on the Duane Morris website.

Webinar: Practical Impacts of the New EU AI Act

Duane Morris will present Get Smart with AI: Practical Impacts of the New EU AI Act, a webinar on risk mitigation strategies for AI use in business, presented by the Technology, Media and Telecom Industry Group’s Artificial Intelligence Team, on Thursday, May 16, 2024, from 11:00 a.m. to 12:00 p.m. Eastern time and 4:00 p.m. to 5:00 p.m. London time. REGISTER FOR THE WEBINAR. Continue reading “Webinar: Practical Impacts of the New EU AI Act”

Common Uses for AI in Beauty & Associated Risks

Kelly Bonner and Agatha Liu of Duane Morris LLP shared their insights and experience with CosmeticsDesign on the risks of incorporating AI technology into business practices, and how can beauty companies protect themselves.

While “today’s AI technology can save a fair amount of time in not only performing conventional services, but also uncovering hidden insight into consumer motivation and behavior,” Liu noted, “on the other hand, today’s AI technology generally lacks transparency and suffers from hallucination and thus still requires a considerable amount of human review.” Therefore, she recommended that “while companies are encouraged to incorporate AI technology into their offerings, they should closely monitor how it is utilized and what it produces and make adjustments or take remedial steps as appropriate.” […]

Continue reading “Common Uses for AI in Beauty & Associated Risks”

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress