Categories
Archives
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy
In a Win for Defendants, Illinois Supreme Court Holds That Health Care Exemption Under BIPA Is Not Limited to Patients’ Biometric Information
For the third time in 2023, the Illinois Supreme Court addressed the scope of the Illinois Biometric Information Privacy Act (BIPA) — this time in Mosby v. Ingalls Memorial Hospital. In a unanimous decision, the court held that BIPA’s “health care exemption” is not limited to patients’ biometric information (such as fingerprint scans), but also extends to biometric information collected, used, or stored for healthcare treatment, payment, or operations — regardless of its source.1 This decision also marks the Illinois Supreme Court’s first BIPA-related decision where it adopted the defendants’ proposed interpretation of the statute. (more…)
Kathleen Carlson
Chicago
kathleen.carlson@sidley.com
Neil H. Conrad
Chicago
nconrad@sidley.com
Lawrence P. Fogel
Chicago
lawrence.fogel@sidley.com
Geeta Malhotra
Chicago
gmalhotra@sidley.com
Andrew F. Rodheim
Chicago
arodheim@sidley.com
‘World-First’ Agreement on AI Reached
Over one hundred representatives from across the globe convened in the UK on 1-2 November 2023 at the Global AI Safety Summit. The focus of the Summit was to discuss how best to manage the risks posed by the most recent advances in AI. However, it was the “Bletchley Declaration” –announced at the start of the Summit—which truly emphasized the significance governments are attributing to these issues. (more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Mhairi Cameron
Trainee Solicitor
mcameron@sidley.com
Latest Developments on AI in the EU: the Saga Continues
EU AI Act
Up until recently, political agreement on the final text of the EU Artificial Intelligence Regulation (AI Act) was expected on 6 December 2023. However, latest developments indicated roadblocks in the negotiations due to three key discussion points – please see our previous blog post here. EU officials are reported to be meeting twice this week to discuss a compromise mandate on EU governments’ position on the text, in preparation of the political meeting on 6 December. (more…)
William RM Long
London
wlong@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Matthias Bruynseraede
London
mbruynseraede@sidley.com
Agreement Reached on the EU’s Data Act
On 27 November 2023, the Council adopted the final text of the Data Act which facilitates (and in certain cases, mandates) the access to (personal and non-personal) data. The Data Act was originally proposed by the European Commission in 2022. Alongside the EU Data Governance Act (which came into force in June 2022) the Data Act forms part of the EU’s Data Strategy which aims to “make the EU a leader in a data-driven society”. (more…)
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Mhairi Cameron
Trainee Solicitor
mcameron@sidley.com
Preparing for the EU AI Act
Join Sidley and OneTrust DataGuidance for a webinar on the EU AI Act. This discussion with industry panellists will cover initial reactions to the (anticipated) political agreement on the EU AI Act following key negotiations by the European legislative bodies on December 6, 2023.
(more…)
William RM Long
London
wlong@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
USA: An Overview of State Data Privacy Laws Part Two – Scope and Enforcement
The U.S. state data privacy landscape is fast evolving into a patchwork of broad state privacy laws that govern for-profit and non-profit entities that meet certain threshold criteria and the personal information of residents in each of those states. In Part 2 of the OneTrust DataGuidance Insight articles on state data privacy laws, Sidley lawyer Sheri Porath Rockwell compares the scope and enforcement provisions of the comprehensive data privacy laws that have been enacted in 13 states to date. While individual state data privacy laws share common features of transparency, data subject rights, opt-outs for sales and targeted advertising, and no private right of action, there are significant differences among them, including with respect to the types of entities and data that are in scope and enforcement approaches.
(more…)
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Insights from the IAPP Europe Data Protection Congress: Regulatory Convergence on AI and Sidley’s Women in Privacy Networking Lunch
The International Association of Privacy Professionals (IAPP) held its annual Europe Data Protection Congress in Brussels on November 15 & 16, 2023. Whilst the Congress covered a wide range of topics related to privacy, cybersecurity and the regulation of data more broadly, unsurprisingly a recurring theme throughout was the responsible development, commercialization and use of AI. In this regard panelists explored (amongst other things) what practical and effective AI governance may look like, the role of a Digital Ethics Officer, how to strike a balance between enabling innovation and safeguarding individual rights, and how AI may be used to automate data breach detection and response.
(more…)
Francesca Blythe
London
fblythe@sidley.com
Monika Zdzieborska
London
mzdzieborska@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Bronwyn Tonelli
Trainee Solicitor
btonelli@sidley.com
The Tenth Edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity (formerly The Privacy, Data Protection and Cybersecurity Law Review) is now available
The tenth edition of Lexology In-Depth: Privacy, Data Protection and Cybersecurity (formerly The Privacy, Data Protection and Cybersecurity Law Review) provides a global overview of the evolving legal and regulatory regimes governing data privacy and security, at a time when both privacy and security are increasingly challenged by the fast-paced development of technologies such as large language models, generative AI, and self-teaching/self-replicating applications. A number of lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law.
(more…)
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Denise Kara
London
dkara@sidley.com
Eleanor Dodding
London
edodding@sidley.com
Matthias Bruynseraede
London
mbruynseraede@sidley.com
Subhalakshmi Kumar
London
skumar@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Upcoming Events
Sidley Lawyers Anna Remis and Ash Nagdev to Speak at Microsoft ObtAIn Conference
Sidley Partner Hardy Callcott to Participate in Berkeley Boosts Webinar on Predictive Data Analytics and the Law
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Robert D. Keeling
rkeeling@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com