On Wednesday, March 13, 2024, the European Parliament officially enacted the landmark European Union Artificial Intelligence Act (AI Act). Touted as the world’s first comprehensive legal framework of its kind, the AI Act will go into effect in stages over the next three years. The AI Act will apply to both businesses operating within the EU and to any AI developers or creators whose AI systems are used in EU countries.
This raises the questions:
- How will the AI Act be applied,
- What does the AI Act mean to businesses operating in the U.S., and
- Should we expect the U.S. to follow suit with similar legislation?
The digital health landscape is evolving and with it, the regulatory framework that governs the use of online tracking technologies by health care entities. The recent update issued by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) on March 18, 2024, revised the initial guidance from December 1, 2022, providing clearer directives for HIPAA covered entities and business associates regarding the deployment of online tracking tools.
This update is pivotal for online businesses in the health care sector, aiming to align their operations with HIPAA regulations while leveraging digital analytics for enhanced service delivery.
The private sector is eager, albeit with healthy skepticism, to adopt the streamlined utopia offered by artificial intelligence. In 2024, the California Legislature proposed approximately 31 bills to regulate a wide array of artificial intelligence applications in businesses, schools, advertising, impact assessments, community colleges, AI-watchdog working groups, court filing disclosures, new watermarking standards to mitigate deepfake misinformation, etc. These bills now have until August 13, 2024 to be passed in each house. California’s Governor, Gavin Newsom, will then have until September 30, 2024 to sign or veto.
LEGISLATIVE & REGULATORY UPDATE
Utah Passes New Versions of Social Media Laws for Minors in Response to Challenges
JDSUPRA
"On March 13, 2024, Governor Spencer Cox signed Utah's Social Media Amendments, SB194 and HB 464. Utah was the first state last year to pass laws strictly limiting minors' use of social media. These laws were challenged in two lawsuits: one brought by social media users and another brought by NetChoice, a trade association representing internet companies."
Framework debate shows as Kentucky nears comprehensive privacy law
iapp
"Kentucky House Bill 15, a comprehensive bill modeled after Virginia's privacy law passed in 2021, has approval from both assembly chambers following a unanimous passage out of the Senate 11 March. The bill, introduced for the first time during the 2024 legislative session, will head back to the House for concurrence on minor Senate amendments and then head to the governor's desk."
South China Athletic Association: Hong Kong privacy watchdog probes data breach involving loss of 70,000 members' personal information
South China Morning Post
Sweden's Klarna fined $733,000 over insufficient GDPR information
REUTERS
"Swedish payments group Klarna must pay a fine of 7.5 million crowns ($733,324) for violating the EU's General Data Protection Regulation (GDPR) by not providing sufficient information to its users, a Swedish court of appeal ruled on Monday."
Judgement of the Court in Case C-46/23
Court of Justice of the European Union
"Protection of personal data: the supervisory authority of a Member State may order the erasure of unlawfully processed data even in the absence of a prior request by the data subject"
European Commission's use of Microsoft 365 infringes data protection law for EU institutions and bodies
EDPS
"Following its investigation, the EDPS has found that the European Commission has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission."
PrivacyCafé: Analysis & Implications of the EU AI Act
HBS
In this episode of PrivacyCafé, Richard Sheinis and Jade Davis discuss the European Union’s Artificial Intelligence Act (EU AI Act) and its implications for businesses globally, especially in the USA. They dive into how other countries and the United States are approaching AI regulation, emphasizing the importance of understanding and adhering to state-specific AI laws for businesses operating in multiple regions, and also cover practical concerns around the use of generative AI tools in the workplace.
The full episode can be found on the Business RadioX® network and all the major podcast apps.
PrivacyCafé: Predictions for 2024 in Data Privacy & Cybersecurity
HBS
In the most recent episode of PrivacyCafé, Partners Richard Sheinis and Jade Davis discuss their predictions for the data privacy and cybersecurity industry in 2024. They touch on topics such as generative AI, more stringent FTC regulatory amendments, the growing patchwork of state privacy laws, and more.
Richard Sheinis
Rich is a Certified Information Privacy Professional (CIPP-US) and a Certified Information Privacy Technologist (CIPT) through the International Association of Privacy Professionals (IAPP). He works with companies to investigate and respond to HIPAA and other data breaches, and advises on regulatory compliance including HIPAA, COPPA, PCI DSS, cross-border data transfer, the EU-US Privacy Shield, and other global privacy regulations.
Jade Davis
Jade provides strategic privacy and cyber-preparedness compliance advice, and defends, counsels, and represents companies on privacy, global data security compliance, data breaches, and investigations. She advises companies on best practices in privacy, cybersecurity, data, mobile, cloud storage, Ad Tech privacy, Internet of Things, and other areas of regulatory compliance.
Joseph Stepina
Joseph C. Stepina is an Associate in our Little Rock office where he focuses his practice on general liability, premises liability, products liability and data privacy and cybersecurity matters.
Lea McBryde
Lea is an associate in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.
Savannah Avera
Savannah is an associate in our Atlanta office, where she protects the rights of clients in health care and cyberspace.