On June 30, 2023, Hong Kong’s data protection authority (the Office of the Privacy Commissioner for Personal Data, or PCPD) issued an updated version of its Guidance on Data Breach Handling and Data Breach Notifications (the Guidance, accessible here), which aims to guide companies on how they respond to data breaches. In particular, the Guidance contains a new recommendation for companies to adopt written data breach response plans.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Yuet Ming Thamhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngYuet Ming Tham2023-07-07 09:17:422023-09-06 15:06:27Hong Kong New PCPD Guidance on Handling Data Breaches
On 1 June 2023, the Australian Government published the Safe and Responsible AI in Australia: Discussion Paper (“Discussion Paper”) to seek public feedback on identifying the potential gaps in the existing domestic governance landscape and possible additional AI governance mechanisms to support the “safe and responsible” development of AI. As noted in the Discussion Paper, although AI has been identified as a “critical technology in Australia’s national interest”, AI adoption rates across Australia remain relatively low. A key aim of the Discussion Paper is to inform the Australian Government on the steps that should be taken on AI regulation in order to increase “community trust and confidence in AI”. The Discussion Paper addresses a broad range of AI technologies and techniques, such as self-driving cars and generative pre-trained transformers (also known as GPT), and notes that any AI regulatory framework would need to consider existing as well as possible future uses of AI and any ensuing risks. The Discussion Paper has an eight (8) week consultation period ending on 26 July 2023.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-07.jpg607833William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2023-07-05 15:21:322023-09-06 15:06:54Australian Government Commences Public Consultation on National Regulatory Framework for the “Safe and Responsible” Use of AI
On June 13, 2023, the Office of Management and Budget released its Spring 2023 Unified Agenda of Regulatory and Deregulatory Actions, which includes updates on Securities and Exchange Commission (“SEC”) proposed rules. The SEC pushed back its estimate for the final action date to October 2023 for its proposed cybersecurity rules related to public companies, as well as for its investment advisers and funds proposal. Notably, the SEC’s timelines are typically estimates for implementation, and the proposed rules could be introduced sooner or later than these dates. However, the updated timeline indicates that the SEC is prioritizing finalizing its cybersecurity rules related to public companies and investment advisers and funds.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Sonia Gupta Barroshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngSonia Gupta Barros2023-06-29 11:28:142026-01-23 12:32:30SEC Delays Enactment of Cyber Rules Related to Investment Adviser and Public Companies to October 2023, Updates Timeline to April 2024 for Recently Proposed Cybersecurity Rules
On 14 June 2023, the European Parliament adopted – by a large majority – its compromise text for the EU’s Artificial Intelligence Act (“AI Act”), paving the way for the three key EU Institutions (the European Council, Commission and Parliament) to start the ‘trilogue negotiations’. This is the last substantive step in the legislative process and it is now expected that the AI Act will be adopted and become law on or around December 2023 / January 2024. The AI Act will be a first-of-its-kind AI legislation with extraterritorial reach.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/10/MN-18359_Data-Matters_833x606-21.jpg607834William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2023-06-23 11:24:102023-09-06 15:07:53European Parliament Adopts AI Act Compromise Text Covering Foundation and Generative AI
On 29 March 2023, the UK’s Department for Science Innovation and Technology (“DSIT”) published its long awaited White Paper on its “pro-innovation approach to AI regulation” (the “White Paper”), along with a corresponding impact assessment. The White Paper builds on the “proportionate, light touch and forward-looking” approach to AI regulation set out in the policy paper published in July 2022. Importantly, the UK has decided to take a different approach to regulating AI compared to the EU, opting for a decentralised sector-specific approach, with no new legislation expected at this time. Instead, the UK will regulate AI primarily through sector-specific, principles based guidance and existing laws, with an emphasis on an agile and innovation-friendly approach. This is in significant contrast to the EU’s proposed AI Act which is a standalone piece of horizontal legislation regulating all AI systems, irrespective of industry.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2023-05-19 14:10:292024-11-25 14:36:13UK Sets Out It’s “Pro-Innovation” Approach To AI Regulation
Hong Kong New PCPD Guidance on Handling Data Breaches
On June 30, 2023, Hong Kong’s data protection authority (the Office of the Privacy Commissioner for Personal Data, or PCPD) issued an updated version of its Guidance on Data Breach Handling and Data Breach Notifications (the Guidance, accessible here), which aims to guide companies on how they respond to data breaches. In particular, the Guidance contains a new recommendation for companies to adopt written data breach response plans.
(more…)
Yuet Ming Tham
Singapore, Hong Kong
ytham@sidley.com
Shu Min Ho
Singapore
shumin.ho@sidley.com
Sam Johnson
Australian Government Commences Public Consultation on National Regulatory Framework for the “Safe and Responsible” Use of AI
On 1 June 2023, the Australian Government published the Safe and Responsible AI in Australia: Discussion Paper (“Discussion Paper”) to seek public feedback on identifying the potential gaps in the existing domestic governance landscape and possible additional AI governance mechanisms to support the “safe and responsible” development of AI. As noted in the Discussion Paper, although AI has been identified as a “critical technology in Australia’s national interest”, AI adoption rates across Australia remain relatively low. A key aim of the Discussion Paper is to inform the Australian Government on the steps that should be taken on AI regulation in order to increase “community trust and confidence in AI”. The Discussion Paper addresses a broad range of AI technologies and techniques, such as self-driving cars and generative pre-trained transformers (also known as GPT), and notes that any AI regulatory framework would need to consider existing as well as possible future uses of AI and any ensuing risks. The Discussion Paper has an eight (8) week consultation period ending on 26 July 2023.
(more…)
William RM Long
London
wlong@sidley.com
Denise Kara
SEC Delays Enactment of Cyber Rules Related to Investment Adviser and Public Companies to October 2023, Updates Timeline to April 2024 for Recently Proposed Cybersecurity Rules
On June 13, 2023, the Office of Management and Budget released its Spring 2023 Unified Agenda of Regulatory and Deregulatory Actions, which includes updates on Securities and Exchange Commission (“SEC”) proposed rules. The SEC pushed back its estimate for the final action date to October 2023 for its proposed cybersecurity rules related to public companies, as well as for its investment advisers and funds proposal. Notably, the SEC’s timelines are typically estimates for implementation, and the proposed rules could be introduced sooner or later than these dates. However, the updated timeline indicates that the SEC is prioritizing finalizing its cybersecurity rules related to public companies and investment advisers and funds.
(more…)
Sonia Gupta Barros
Washington, D.C.
sbarros@sidley.com
Colleen T. Brown
Washington, D.C.
ctbrown@sidley.com
Charles A. Sommers
Washington, D.C.
csommers@sidley.com
Sasha Hondagneu-Messner
New York
shondagneumessner@sidley.com
European Parliament Adopts AI Act Compromise Text Covering Foundation and Generative AI
On 14 June 2023, the European Parliament adopted – by a large majority – its compromise text for the EU’s Artificial Intelligence Act (“AI Act”), paving the way for the three key EU Institutions (the European Council, Commission and Parliament) to start the ‘trilogue negotiations’. This is the last substantive step in the legislative process and it is now expected that the AI Act will be adopted and become law on or around December 2023 / January 2024. The AI Act will be a first-of-its-kind AI legislation with extraterritorial reach.
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Subhalakshmi Kumar
UK Sets Out It’s “Pro-Innovation” Approach To AI Regulation
On 29 March 2023, the UK’s Department for Science Innovation and Technology (“DSIT”) published its long awaited White Paper on its “pro-innovation approach to AI regulation” (the “White Paper”), along with a corresponding impact assessment. The White Paper builds on the “proportionate, light touch and forward-looking” approach to AI regulation set out in the policy paper published in July 2022. Importantly, the UK has decided to take a different approach to regulating AI compared to the EU, opting for a decentralised sector-specific approach, with no new legislation expected at this time. Instead, the UK will regulate AI primarily through sector-specific, principles based guidance and existing laws, with an emphasis on an agile and innovation-friendly approach. This is in significant contrast to the EU’s proposed AI Act which is a standalone piece of horizontal legislation regulating all AI systems, irrespective of industry.
(more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Lauren Cuyvers
Zina Chatzidimitriadou
London
zchatzidimitriadou@sidley.com
Subhalakshmi Kumar
Upcoming Events
Resources