Home Page | Data Matters Privacy Blog

Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy

On October 28, 2024, the U.S. Department of the Treasury (Treasury) released the Final Rule for its new regulations prohibiting or requiring notification of U.S. outbound investments in certain Chinese-affiliated companies in the semiconductor and microelectronics, quantum information technology, and artificial intelligence (AI) sectors. The Final Rule will take effect on January 2, 2025.

(more…)

Dec 102024

Rising AI Enforcement: Insights From State Attorney General Settlement and U.S. FTC Sweep for Risk Management and Governance

AI, Enforcement, FTC, State Privacy Laws

Colleen Theresa Brown, Christina C. Koenig, Benjamin M. Mundel, Lauren Freeman and Garrett Lance

Recent enforcement actions by both state and federal law enforcement signal that companies that make or use artificial intelligence products are facing increased scrutiny under existing unfair and deceptive acts and practices laws. Several late-2024 examples present important insights for companies navigating how to effectively and legally implement artificial intelligence technologies in their businesses.

(more…)

Nov 212024

Biometric Litigation Risks Endure Even Post BIPA Amendment

Biometrics, Litigation, State Privacy Laws

Kathleen Carlson, Lawrence P. Fogel, Colleen Theresa Brown and Andrew F. Rodheim

Enacted in 2008, the Illinois Biometric Information Privacy Act (“BIPA”) regulates the collection and possession of biometric data by private entities operating in Illinois. Biometric data includes, for example, fingerprints, voiceprints, eye scans, and face/hand scans. Notably, BIPA establishes a private right of action, allowing any person to seek damages, attorneys’ fees, and injunctive relief if the person has been aggrieved by a BIPA violation. The statutory damages for BIPA violations are steep, including $1,000 to $5,000 per violation, attorneys’ fees and costs, and the possibility of injunctive relief.

(more…)

Nov 132024

FY2024 in Review: SEC Enforcement Actions Against Investment Advisers to Private Funds, Registered Funds, and Retail Clients

AI, Enforcement

W. Hardy Callcott, Stephen L. Cohen, Chuck Daly, Ranah Esmaili, Lara Mehraban, Ashley C. Pfeiffer and Sarah K. Gromet

In its 2024 fiscal year, the U.S. Securities and Exchange Commission brought over 130 enforcement actions against investment advisers and their representatives. This post highlights the key areas of focus and notable actions and litigation from the past fiscal year.

Please click here to view the full Sidley Update.

Oct 302024

Massachusetts’ Highest Court Signals Willingness to Scrutinize State Wiretapping Laws and Knock Out Claims at the Pleading Stage

Litigation, Online Privacy, State Privacy Laws

Amy P. Lally, Jack W. Pirozzolo, Ian M. Ross, Colleen Theresa Brown, Sheri Porath Rockwell and Kseniya K. Belysheva

For the past few years, hundreds of companies have been caught in a wave of privacy class actions relying on decades-old wiretapping laws to attack modern website technologies and business tools. Last week, Massachusetts’s highest court engaged in a thorough assessment of that state’s wiretap law and rejected plaintiff’s argument that commonly used website advertising and analytical tools intercepted “communications” in violation of the law. The basis for the suit is not novel — hundreds of similar cases have been filed in the past few years. But the Supreme Judicial Court’s willingness to engage in a deep analysis of the wiretapping law early in the case is noteworthy.

(more…)

Oct 282024

CFPB Releases Final Rule on Personal Financial Data Rights

CFPB, Financial Privacy

Joel D. Feinberg, David E. Teitelbaum and Stanley J. Boris

On October 22, 2024, the U.S. Consumer Financial Protection Bureau (CFPB) issued a final rule under Section 1033 of the Consumer Financial Protection Act of 2010.¹ The final rule includes several important changes from the proposed rule. This client alert focuses on those changes. For an analysis of the proposed rule, please see our Sidley Update here. The final rule also includes hundreds of pages of Supplementary Information that provide important insights into the manner in which the CFPB will enforce the final rule.

(more…)

Oct 172024

Second Circuit Offers Guidance on Meaning of “Consumer” Under the U.S. Video Privacy Protection Act

Litigation, Online Privacy

Amy P. Lally and Ian M. Ross

Yesterday, in Salazar v. National Basketball Association, the Second Circuit Court of Appeals reversed a district court’s dismissal of a putative class action under the Video Privacy Protection Act (VPPA), offering an interpretation of the VPPA’s definition of “consumer” that differs from how the majority of courts have used that term.

(more…)

Oct 92024

Top Trends in the European Digital Health/AI Market

AI, EU, Health Privacy, International

Josefine Sommer, Eva von Mühlenen and Francesca Blythe

Digital health AI technologies are transforming the advancement of drug development and healthcare delivery at an unprecedented speed, backed by governments facilitating the momentum to improve healthcare for their growing populations. Sidley’s European life sciences lawyers Josefine Sommer, Eva von Mühlenen, and Francesca Blythe share a timely take on the top 5 life sciences industry trends being shaped by pioneering digital technologies. We are delighted to present a series of insightful interviews with leaders from a diverse digital health ecosystem giving their perspectives from Roche, Origen Genetics, FemTech Insights, Verge, Steto, and Clario.

(more…)