Following the EU’s increased focus on generative AI with the inclusion of foundation and generative AI in the latest text of the EU AI Act (see our post here), the UK now also follows suit, with the UK’s Information Commissioner’s Office (“ICO”) communicating on 15 June 2023 its intention to “review key businesses’ use of generative AI.” The ICO warned businesses not to be “blind to AI risks” especially in a “rush to see opportunity” with generative AI. Generative AI is capable of generating content e.g., complex text, images, audio or video, etc. and is viewed as involving more risk than other AI models because of its ability to be used across different sectors (e.g., law enforcement, immigration, employment, insurance and health), and so have a greater impact across society – including in relation to vulnerable groups.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2023-08-17 15:11:532023-09-06 14:59:52UK ICO Scrutinizes Use of Generative AI
Artificial intelligence (AI) has the capacity to disrupt entire industries, with implications for corporate strategy and risk, stakeholder relationships, and compliance that require the attention of the board of directors.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Holly J. Gregoryhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngHolly J. Gregory2023-08-11 09:04:012023-09-06 15:00:22AI and the Role of the Board of Directors
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC or Commission) proposed new rules for broker-dealers (Proposed Rule 15(1)-2) and investment advisers (Proposed Rule 211(h)(2)-4) on the use of predictive data analytics (PDA) and PDA-like technologies in any interactions with investors.1 However, as discussed below, the scope of a “covered technology” subject to the rules is much broader than what most observers would consider to constitute predictive data analytics. The proposal would require that anytime a broker-dealer or investment adviser uses a “covered technology” in connection with engaging or communicating with an investor (including exercising investment discretion on behalf of an investor), the broker-dealer or investment adviser must evaluate that technology for conflicts of interest and eliminate or neutralize those conflicts of interest. The proposed rules would apply even if the interaction with the investor does not rise to the level of a “recommendation.”
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00W. Hardy Callcotthttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngW. Hardy Callcott2023-08-10 10:38:272023-09-06 15:00:44SEC Proposes Sweeping New Rules on Use of Data Analytics by Broker-Dealers and Investment Advisers
On July 26, 2023, the U.S. Securities and Exchange Commission finalized its rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (the Final Rule), which will become effective 30 days following publication in the Federal Register. The Final Rule applies to all public companies subject to the reporting requirements of the Securities Exchange Act of 1934, including foreign private issuers, smaller reporting companies, and business development companies, and will require disclosure of material cybersecurity incidents on Form 8-K and Form 20-F and periodic disclosure of cybersecurity risk management, strategy, and governance in annual reports on Form 10-K and Form 20-F.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sonia Gupta Barroshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSonia Gupta Barros2023-07-31 14:32:332023-09-06 15:01:11U.S. SEC Public Company Cybersecurity Disclosure Regulation Finalized With Swift Effective Date
This week, two committees in the House of Representatives will mark up legislation intended to clarify the regulatory framework applicable to digital assets in the United States. Earlier this month, leaders in the U.S. Senate also introduced legislation to establish a comprehensive and unified regulatory scheme for digital assets and digital asset derivatives.1 Both the House and Senate bills seek to integrate the regulation of digital assets and digital asset derivatives into the existing U.S. regulatory framework — primarily that of the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) — rather than create a standalone framework, but both bills face significant barriers to enactment.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Michael E. Bordenhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngMichael E. Borden2023-07-26 09:22:202023-09-06 15:01:37U.S. Congressional Leaders Introduce Two Landmark Bills to Create a Digital Assets Regulatory Scheme
On July 18, 2023, Singapore’s data protection authority published proposed guidelines on the use of personal data in artificial intelligence (AI) systems. The guidelines will be up for public consultation until August 31, 2023, and aim to address how Singapore’s privacy laws will apply to organizations which develop or deploy AI systems. The draft guidelines underscore the significance placed by the privacy regulator on the need to ensure personal data protection, without discouraging organizations from responsibly using AI systems in their businesses. Accordingly, organizations interested in using AI can use the guidelines for insight into what privacy expectations lie in store once the guidelines are finalized.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-13.jpg607834Yuet Ming Thamhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngYuet Ming Tham2023-07-24 09:24:432023-09-06 15:02:00Singapore PDPC Consultation on New Guidance for Use of Personal Data in AI Systems
On July 13, Sidley and OneTrust DataGuidance hosted a webinar titled “The Finalization of the EU-U.S. Data Privacy Framework.” The discussion with key players in international data transfers included topics such as significant points and implications of the European Commission Adequacy Decision for the Data Privacy Framework, what organizations should know about the Framework’s Principles, consideration of factors and logistics for signing up for the Framework (including interplay with current Privacy Shield membership), next steps in the EU and UK processes, and other internal data transfer developments, including adequacy decision for the UK-U.S. Data Bridge.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngData Matters Contributors2023-07-20 11:43:032023-09-06 15:03:36Webinar Recording: The Finalization of the EU-U.S. Data Privacy Framework
Just before Americans began their Fourth of July holiday, the U.S. Commodity Futures Trading Commission (CFTC) Division of Enforcement Director announced that the division has established two key task forces: the Cybersecurity and Emerging Technologies and the Environmental Fraud Task Force.1 Both task forces will be staffed with attorneys and investigators across the Division of Enforcement with the goal of serving as subject matter experts and prosecuting cases. As a result, CFTC registrants should be prepared for heightened focus on cybersecurity and environmental fraud, particularly in the derivatives and relevant spot markets.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-15.jpg607834Paul M. Tyrrellhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngPaul M. Tyrrell2023-07-14 15:15:082023-09-06 15:04:08Cybersecurity and Environmental Fraud Top Priorities of U.S. Commodity Futures Trading Commission Division of Enforcement
UK ICO Scrutinizes Use of Generative AI
Following the EU’s increased focus on generative AI with the inclusion of foundation and generative AI in the latest text of the EU AI Act (see our post here), the UK now also follows suit, with the UK’s Information Commissioner’s Office (“ICO”) communicating on 15 June 2023 its intention to “review key businesses’ use of generative AI.” The ICO warned businesses not to be “blind to AI risks” especially in a “rush to see opportunity” with generative AI. Generative AI is capable of generating content e.g., complex text, images, audio or video, etc. and is viewed as involving more risk than other AI models because of its ability to be used across different sectors (e.g., law enforcement, immigration, employment, insurance and health), and so have a greater impact across society – including in relation to vulnerable groups.
(more…)
William RM Long
London
wlong@sidley.com
Lauren Cuyvers
Brussels
lcuyvers@sidley.com
Subhalakshmi Kumar
London
skumar@sidley.com
AI and the Role of the Board of Directors
(more…)
Holly J. Gregory
New York
holly.gregory@sidley.com
SEC Proposes Sweeping New Rules on Use of Data Analytics by Broker-Dealers and Investment Advisers
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC or Commission) proposed new rules for broker-dealers (Proposed Rule 15(1)-2) and investment advisers (Proposed Rule 211(h)(2)-4) on the use of predictive data analytics (PDA) and PDA-like technologies in any interactions with investors.1 However, as discussed below, the scope of a “covered technology” subject to the rules is much broader than what most observers would consider to constitute predictive data analytics. The proposal would require that anytime a broker-dealer or investment adviser uses a “covered technology” in connection with engaging or communicating with an investor (including exercising investment discretion on behalf of an investor), the broker-dealer or investment adviser must evaluate that technology for conflicts of interest and eliminate or neutralize those conflicts of interest. The proposed rules would apply even if the interaction with the investor does not rise to the level of a “recommendation.”
(more…)
W. Hardy Callcott
San Francisco
wcallcott@sidley.com
Jay G. Baris
New York
jbaris@sidley.com
James Brigagliano
Washington, D.C.
jbrigagliano@sidley.com
Benson R. Cohen
New York
brcohen@sidley.com
Ranah Esmaili
Washington, D.C.
resmaili@sidley.com
Nathan J. Greene
New York
ngreene@sidley.com
Laurin Blumenthal Kleiman
New York
lkleiman@sidley.com
Michael D. Wolk
Washington, D.C.
mwolk@sidley.com
Chuck Daly
New York, Boston
cdaly@sidley.com
U.S. SEC Public Company Cybersecurity Disclosure Regulation Finalized With Swift Effective Date
On July 26, 2023, the U.S. Securities and Exchange Commission finalized its rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (the Final Rule), which will become effective 30 days following publication in the Federal Register. The Final Rule applies to all public companies subject to the reporting requirements of the Securities Exchange Act of 1934, including foreign private issuers, smaller reporting companies, and business development companies, and will require disclosure of material cybersecurity incidents on Form 8-K and Form 20-F and periodic disclosure of cybersecurity risk management, strategy, and governance in annual reports on Form 10-K and Form 20-F.
(more…)
Sonia Gupta Barros
Washington, D.C.
sbarros@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Paul L. Choi
Chicago
pchoi@sidley.com
Stephen L. Cohen
Washington, D.C., Boston, ...
scohen@sidley.com
John P. Kelsh
Chicago
jkelsh@sidley.com
David Lashway
Washington D.C.
dlashway@sidley.com
Geeta Malhotra
Chicago
gmalhotra@sidley.com
Lara Shalov Mehraban
New York
lmehraban@sidley.com
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Andrea L. Reed
Chicago
andrea.reed@sidley.com
Michele L. Aronson
Washington, D.C.
maronson@sidley.com
Sasha Hondagneu-Messner
New York
shondagneumessner@sidley.com
U.S. Congressional Leaders Introduce Two Landmark Bills to Create a Digital Assets Regulatory Scheme
This week, two committees in the House of Representatives will mark up legislation intended to clarify the regulatory framework applicable to digital assets in the United States. Earlier this month, leaders in the U.S. Senate also introduced legislation to establish a comprehensive and unified regulatory scheme for digital assets and digital asset derivatives.1 Both the House and Senate bills seek to integrate the regulation of digital assets and digital asset derivatives into the existing U.S. regulatory framework — primarily that of the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) — rather than create a standalone framework, but both bills face significant barriers to enactment.
(more…)
Michael E. Borden
Washington, D.C.
mborden@sidley.com
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
David E. Teitelbaum
Washington, D.C.
dteitelbaum@sidley.com
Kate Lashley
Miami, New York
klashley@sidley.com
Robert C. Uhl
Dallas
ruhl@sidley.com
Singapore PDPC Consultation on New Guidance for Use of Personal Data in AI Systems
On July 18, 2023, Singapore’s data protection authority published proposed guidelines on the use of personal data in artificial intelligence (AI) systems. The guidelines will be up for public consultation until August 31, 2023, and aim to address how Singapore’s privacy laws will apply to organizations which develop or deploy AI systems. The draft guidelines underscore the significance placed by the privacy regulator on the need to ensure personal data protection, without discouraging organizations from responsibly using AI systems in their businesses. Accordingly, organizations interested in using AI can use the guidelines for insight into what privacy expectations lie in store once the guidelines are finalized.
(more…)
Yuet Ming Tham
Singapore, Hong Kong
ytham@sidley.com
Shu Min Ho
Singapore
shumin.ho@sidley.com
Sam Johnson
Singapore
sam.johnson@sidley.com
Margaret Huang
Singapore
margaret.huang@sidley.com
Nicole Ann Lim
Singapore
nicole.lim@sidley.com
Webinar Recording: The Finalization of the EU-U.S. Data Privacy Framework
On July 13, Sidley and OneTrust DataGuidance hosted a webinar titled “The Finalization of the EU-U.S. Data Privacy Framework.” The discussion with key players in international data transfers included topics such as significant points and implications of the European Commission Adequacy Decision for the Data Privacy Framework, what organizations should know about the Framework’s Principles, consideration of factors and logistics for signing up for the Framework (including interplay with current Privacy Shield membership), next steps in the EU and UK processes, and other internal data transfer developments, including adequacy decision for the UK-U.S. Data Bridge.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Cybersecurity and Environmental Fraud Top Priorities of U.S. Commodity Futures Trading Commission Division of Enforcement
Just before Americans began their Fourth of July holiday, the U.S. Commodity Futures Trading Commission (CFTC) Division of Enforcement Director announced that the division has established two key task forces: the Cybersecurity and Emerging Technologies and the Environmental Fraud Task Force.1 Both task forces will be staffed with attorneys and investigators across the Division of Enforcement with the goal of serving as subject matter experts and prosecuting cases. As a result, CFTC registrants should be prepared for heightened focus on cybersecurity and environmental fraud, particularly in the derivatives and relevant spot markets.
(more…)
Paul M. Tyrrell
Boston
ptyrrell@sidley.com
Jennifer Seale
Washington, D.C.
jseale@sidley.com
Steven E. Sexton
Chicago
ssexton@sidley.com
Casey Khan
Houston
ckhan@sidley.com
Upcoming Events
Women in Privacy Networking Lunch
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
John K. Van De Weert
jvandeweert@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com