Categories
Archives
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy
U.S. HHS Office of General Counsel Statement of Organization Suggests Potential Consolidation, Expansion of Authority
On March 14, 2025, the U.S. Department of Health and Human Services (HHS) issued a revised Statement of Organization for the Office of the General Counsel (HHS-OGC).1 Changes include a return to an organizational structure more like the early days of the first Trump administration for the lawyers advising the Food and Drug Administration (FDA), as well as the closing of certain regional HHS-OGC offices. Additional changes could potentially signal an effort to consolidate and expand HHS-OGC’s authority, especially with respect to matters currently opined upon by lawyers advising the HHS Office of Inspector General (HHS-OIG). Stakeholders should consider opportunities to engage with HHS in light of the changes announced in the March 2025 Statement of Organization.
(more…)
Brenna E. Jenny
Washington, D.C.
bjenny@sidley.com
Jaime L.M. Jones
Chicago
jaime.jones@sidley.com
Meenakshi Datta
Chicago
mdatta@sidley.com
Rebecca K. Wood
Washington, D.C.
rwood@sidley.com
Raj D. Pai
Washington, D.C.
rpai@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Michael Varrone
Washington, D.C.
michael.varrone@sidley.com
Florida Federal Court Puts Florida’s Security of Communications Act in Play in the Ongoing Wave of Website Privacy Class Actions
In a significant development in the ever-expanding world of privacy class actions, earlier this month a federal judge in Florida denied dismissal of a website privacy claim brought under the Florida Security of Communications Act (FSCA). For years, Florida courts have been reluctant to find that this 50-year-old wiretapping statute could be applied to third-party technologies that analyzed consumer behavior on websites. When a wave of privacy class actions was filed under the FSCA a few years ago, the claims were almost uniformly rejected, as the courts found that the information allegedly intercepted by website technologies had little resemblance to the contents of a wiretapped telephone call. But on March 6, a district court in the Middle District of Florida took a new look at some of the latest website technologies and, in doing so, may have thrown the FSCA back into the mix of decades-old statutes that pose new dangers to consumer-facing websites.
(more…)
Ian M. Ross
Miami
iross@sidley.com
Jonathan Lesgart
Miami
jonathan.lesgart@sidley.com
Impact of U.S. Outbound Investment Rules on Loan Transactions in China and Practical Considerations
The final rule on the new U.S. outbound investment security program (Outbound Investment Rules), implemented by the U.S. Department of the Treasury (Treasury) and effective on January 2, 2025, represents a significant regulatory framework aimed at prohibiting, or requiring notification to Treasury of, investments directed by, or undertaken by subsidiaries of U.S. persons in Chinese-affiliated companies that design, develop, or manufacture certain sensitive technologies deemed important to U.S. national security. Understanding the implications of the Outbound Investment Rules will be essential for both borrowers and lenders operating within these jurisdictions.
(more…)
Olivia Ngan
Hong Kong
olivia.ngan@sidley.com
James Mendenhall
Washington, D.C.
jmendenhall@sidley.com
EIOPA Publishes Consultation on Opinion on AI Governance and Risk Management
On February 12, 2025, the European Insurance and Occupational Pensions Authority (“EIOPA”) published a consultation on its draft opinion on artificial intelligence (“AI”) governance and risk management (the “Opinion”).
(more…)
James Phythian-Adams
London
jphythianadams@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Julie Rodriguez
London
julie.rodriguez@sidley.com
Luqman Swift
Trainee Solicitor
luqman.swift@sidley.com
Practical Steps for Complying With AI Literacy Obligations
Women in Privacy® (WIP) invites you to join our networking lunch featuring a discussion with Shivali Mayor, Senior Director, Legal Lead for AI and Information Security, Astellas; Sasha Rubel, Head of AI/Generative AI Policy EMEA, Amazon Web Services; and Shazia Khan, Senior Privacy Counsel, Axiom Law.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Engage with the U.S. SEC’s Crypto Task Force and Shape the Future of Crypto Regulation
On February 21, 2025, Commissioner Hester Peirce of the U.S. Securities and Exchange Commission (SEC) issued a statement inviting public input on a wide range of issues related to crypto assets and blockchain technology (the Statement). Although the Statement was issued by Commissioner Peirce in her individual capacity and does not necessarily reflect the views of the Commission or other Commissioners, it resembles a concept release in its scope and format, inviting public input on a wide range of issues concerning crypto assets and blockchain technology.
(more…)
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Andrew J. Sioson
Washington, D.C.
asioson@sidley.com
Chuck Daly
New York, Boston
cdaly@sidley.com
Carla G. Teodoro
New York
cteodoro@sidley.com
Alec J. Silvester
Miami
asilvester@sidley.com
EDPB Adopts Report on GDPR Right of Access Following 2024 Coordinated Enforcement Action
On January 20, 2025, the European Data Protection Board (EDPB) adopted a report on the implementation of the right of access by controllers under the GDPR (the Report). The right of access was the subject of the EDPB’s third coordinated enforcement action (CEF) in 2024 which involved 1,185 controllers of varying size, industry, and sectors. The Report provides useful recommendations for controllers on how to comply with access requests, including guidance on how long access request documentation should be retained, the importance of maintaining internal documentation, and how to avoid a ‘one size fits all’ approach. The Report emphasizes that access requests should be handled on a case-by-case basis, considering the broad scope of the right and the limited exemptions.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Eleanor Dodding
London
edodding@sidley.com
Artificial Intelligence: U.S. Securities and Commodities Guidelines for Responsible Use
Despite recent focus on artificial intelligence (AI) by U.S. financial regulators, the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and Financial Industry Regulatory Authority (FINRA) have not yet issued new regulations specifically addressing the use of AI. Nonetheless, during the Biden administration, guidance from these agencies emphasized the necessity of responsible use of AI within existing regulatory frameworks, urging market participants to exercise additional diligence to navigate compliance risks associated with AI usage.
(more…)
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Nathan A. Howell
Chicago
nhowell@sidley.com
Kate Lashley
Miami, New York
klashley@sidley.com
Andrew J. Sioson
Washington, D.C.
asioson@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Alec J. Silvester
Miami
asilvester@sidley.com
Upcoming Events
IAPP AI Governance Global Europe 2025
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com