Categories
Archives
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy
CFPB Releases Final Rule on Personal Financial Data Rights
On October 22, 2024, the U.S. Consumer Financial Protection Bureau (CFPB) issued a final rule under Section 1033 of the Consumer Financial Protection Act of 2010.1 The final rule includes several important changes from the proposed rule. This client alert focuses on those changes. For an analysis of the proposed rule, please see our Sidley Update here. The final rule also includes hundreds of pages of Supplementary Information that provide important insights into the manner in which the CFPB will enforce the final rule.
(more…)
Joel D. Feinberg
Washington, D.C.
jfeinberg@sidley.com
David E. Teitelbaum
Washington, D.C.
dteitelbaum@sidley.com
Stanley J. Boris
Washington, D.C.
sboris@sidley.com
Second Circuit Offers Guidance on Meaning of “Consumer” Under the U.S. Video Privacy Protection Act
Yesterday, in Salazar v. National Basketball Association, the Second Circuit Court of Appeals reversed a district court’s dismissal of a putative class action under the Video Privacy Protection Act (VPPA), offering an interpretation of the VPPA’s definition of “consumer” that differs from how the majority of courts have used that term.
(more…)
Amy P. Lally
Century City
alally@sidley.com
Ian M. Ross
Miami
iross@sidley.com
Top Trends in the European Digital Health/AI Market
Digital health AI technologies are transforming the advancement of drug development and healthcare delivery at an unprecedented speed, backed by governments facilitating the momentum to improve healthcare for their growing populations. Sidley’s European life sciences lawyers Josefine Sommer, Eva von Mühlenen, and Francesca Blythe share a timely take on the top 5 life sciences industry trends being shaped by pioneering digital technologies. We are delighted to present a series of insightful interviews with leaders from a diverse digital health ecosystem giving their perspectives from Roche, Origen Genetics, FemTech Insights, Verge, Steto, and Clario.
(more…)
Josefine Sommer
Brussels
jsommer@sidley.com
Eva von Mühlenen
Geneva
emuhlenen@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Compliance Programs Expected to Evolve With Technology: DOJ Updates Corporate Compliance Guidance to Include Artificial Intelligence
On September 23, 2024, the U.S. Department of Justice (DOJ) updated its Evaluation of Corporate Compliance Programs (the ECCP) to reflect DOJ’s evolving expectations with respect to corporate compliance programs, including how those programs appropriately address the compliance risks of new technology such as artificial intelligence (AI). While the ECCP is drafted as a guidance document for prosecutors to assess the effectiveness and adequacy of a company’s compliance program, the ECCP also is a tool for companies to conduct a similar assessment. With DOJ’s most recent update to this document, this tool now reflects DOJ’s focus on disruptive technology risks. This Update provides some general background on the ECCP and analyzes DOJ’s latest revisions to the ECCP, including the introduction of questions and considerations for companies concerning their use of new and emerging technology such as AI.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Advisor to the CJEU Confirms GDPR Fines For Subsidiary Infringements Should Reflect Group Turnover
On 12 September 2024, Advocate General Medina issued their Opinion in Case C-383/23 in which they confirmed that supervisory data protection authorities must, when calculating the fine for a GDPR infringement committed by a subsidiary, take into account the total annual turnover of the entire group—a concept known as parental liability.
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Anila Rayani
London
anila.rayani@sidley.com
U.S. Department of Commerce Issues Proposed Rule on ICTS Supply Chain for Connected Vehicles
On September 26, 2024, the U.S. Department of Commerce Bureau of Industry and Security (BIS) Office of Information and Communications Technology and Services (OICTS) published a long-awaited rule proposing to ban certain connected vehicles transactions involving hardware and software linked to the People’s Republic of China (China) and Russia. BIS also proposed extensive compliance obligations for importers and manufacturers of connected vehicles and related components, which come as the automotive industry continues to grapple with how to protect critical safety-related data as vehicle interconnectivity increases.
(more…)
Jen Fernandez
Washington, D.C.
jen.fernandez@sidley.com
Elyssa R. Kutner
Washington, D.C.
ekutner@sidley.com
Aaron L. Flyer
Heather Hedges
Sophia E. Wallach
Los Angeles
swallach@sidley.com
DOL Confirms Cybersecurity Guidance Applies to All Employee Benefit Plans
The U.S. Department of Labor (DOL) published Compliance Assistance Release No. 2024-01 on September 6, 2024. The release, titled “Cybersecurity Guidance Update,” clarifies that the cybersecurity guidance the DOL issued in April 2021 applies to all employee benefit plans, including health and welfare plans. The DOL states that since the guidance was published, service providers have told plan fiduciaries and Employee Benefits Security Administration (EBSA) investigators that the guidance applies only to retirement plans.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Beth J. Dickstein
Chicago
bdickstein@sidley.com
Mary C. Niehaus
Chicago
mniehaus@sidley.com
Madeline Clasen
Chicago
mclasen@sidley.com
Pharma Companies in Beijing Free Trade Zone to Benefit from Relaxed Data Transfer Rules
On August 30, 2024, the Beijing Municipal Cyberspace Administration, Beijing Municipal Commerce Bureau and Beijing Municipal Government Services and Data Administration Bureau jointly released the “Administrative Measures for the Data Exit Negative List of the China (Beijing) Pilot Free Trade Zone (Trial)” (Administrative Measures) and the “Data Exit Administration List (Negative List) of the China (Beijing) Pilot Free Trade Zone (2024 Edition)” (Negative List) to facilitate the export of important industry data and personal information out of the country by companies operating in the Beijing free trade zone (FTZ). (more…)
Lei Li
Beijing, Shanghai
lei.li@sidley.com
Lianying Wang
Beijing
lianying.wang@sidley.com
Upcoming Events
IAPP AI Governance Global Europe 2025
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com