On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter (the “Guidance”) highlighting the cybersecurity risks arising from the use of artificial intelligence (“AI”) and providing strategies to address these risks. While the Guidance “does not impose any new requirements,” it clarifies how Covered Entities should address AI-related risks
Inside Privacy
Updates on developments in data privacy and cybersecurity
Blog Authors
Latest from Inside Privacy
EU Commission Publishes Report Assessing EU Consumer Laws and Paves Way for New and Stronger EU Consumer Law for the Digital Space
On October 3, 2024, the European Commission published a report evaluating the effectiveness of existing EU consumer protection laws in protecting consumers in the digital space. More specifically, the report assesses the effectiveness of the following three consumer protection laws: (i) the Unfair Commercial Practices Directive (“UCPD”); (ii) the Consumer Rights Directive (“CRD”); and (iii)…
California Enacts Health AI Bill and Protections for Neural Data
On September 28, California’s governor signed a number of bills into law, including to regulate health care facilities’ use of artificial intelligence (“AI”). This included AB 3030, which regulates certain California-licensed health care facilities’ use of AI and SB 1223, which amends the California Consumer Privacy Act (CCPA) to cover “neural data.” We…
The EU Considers Changing the EU AI Liability Directive into a Software Liability Regulation
Now that the EU Artificial Intelligence Act (“AI Act”) has entered into force, the EU institutions are turning their attention to the proposal for a directive on adapting non-contractual civil liability rules to artificial intelligence (the so-called “AI Liability Directive”). Although the EU Parliament and the Council informally agreed on the text of the proposal…
FTC Reaches Settlement with NGL Labs Over Children’s Privacy & AI
On July 9, 2024, the FTC and California Attorney General settled a case against NGL Labs (“NGL”) and two of its co-founders. NGL Labs’ app, “NGL: ask me anything,” allows users to receive anonymous messages from their friends and social media followers. The complaint alleged violations of the FTC Act, the Restore Online Shoppers’ Confidence…
Council of Europe Adopts International Treaty on Artificial Intelligence
On May 17, 2024, the Council of Europe adopted the Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (the “Convention”). The Convention represents the first international treaty on AI that will be legally binding on the signatories. The Convention will be open for signature on September 5, 2024.
The…
Italy Proposes New Artificial Intelligence Law
On May 20, 2024, a proposal for a law on artificial intelligence (“AI”) was laid before the Italian Senate.
The proposed law sets out (1) general principles for the development and use of AI systems and models; (2) sectorial provisions, particularly in the healthcare sector and for scientific research for healthcare; (3) rules on the…
EHDS Series – 4: The European Health Data Space’s Implications for “Wellness Applications” and Medical Devices
In early March 2024, the EU lawmakers reached agreement on the European Health Data Space (EHDS). For now, we only have a work-in-progress draft version of the text, but a number of interesting points can already be highlighted. This article focuses on the implications for “wellness applications” and medical devices; for an overview of the EHDS…
EFPIA Issues Statement on Application of the AI Act in the Medicinal Product Lifecycle
On April 22, 2024, the European Federation of Pharmaceutical Industries and Associations (“EFPIA”) issued a statement on the application of the AI Act in the medicinal product lifecycle. The EFPIA statement highlights that AI applications are likely to play an increasing role in the development and manufacture of medicines. As drug development is already governed…
EHDS Series – 3: The European Health Data Space from the Health Data User’s Perspective
In early March 2024, the EU lawmakers reached agreement on the European Health Data Space (EHDS). For now, we only have a work-in-progress draft version of the text, but a number of interesting points can already be highlighted. This article focusses on the obligations of data users; for an overview of the EHDS generally, see…