Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
The UK government published a white paper on March 29 setting out a “pro-innovation” UK regulatory framework for artificial intelligence (AI). The framework centers upon five cross-sectoral principles, of which implementation will be context-specific to the use of AI, rather than the technology itself. The government does not propose introducing a new regulator or any new legal requirements on businesses, instead leveraging existing powers of UK regulators and their domain-specific expertise.
The European Union’s General Data Protection Regulation (GDPR) requires companies to monitor and comply with some of the strictest privacy laws in effect. Now, the European Commission is refocusing efforts and oversight on ongoing investigations under the GDPR. Going forward, companies may want to focus even more intently on their compliance as the EU steps up investigatory procedures.
The California Privacy Rights Act (CPRA) and Virginia Consumer Data Protection Act (VCDPA) took effect on January 1, 2023, establishing some of the most comprehensive consumer privacy rights within the United States. In this post we highlight these changes in law and provide a checklist to help companies comply with these new legal challenges.
In our June 2021 blog post, Study Analyzes Costs of a Data Breach, we discussed the Ponemon Institute’s report setting forth a vast dataset that analyzed data breaches at hundreds of organizations to spot trends and developments in security risks and best practices. With the calendar turning to 2023, this blog looks at the increased costs of data breaches in 2022 to anticipate how negotiations for liability caps of such breaches may evolve in the new year.
Following up on our April 27, 2022 post, Data Scraping Deemed Legal in Certain Circumstances, the most significant data scraping lawsuit has finally come to an end. After six years of litigation, LinkedIn Corp. and hiQ Labs, Inc. reached a confidential settlement agreement and filed a stipulation and proposed consent judgment (stipulation) with the California district court on December 6, 2022. The stipulation includes, among other things, a $500,000 judgment entered against hiQ, establishment of hiQ’s liability under California common law torts of trespass to chattels and misappropriation, and various forms of injunctive relief effectively prohibiting hiQ’s future ability to data scrape LinkedIn.
Despite general awareness regarding phishing (we have written about phishing in a prior post), it still remains one of the most common ways to accomplish cyberattacks. It should be no surprise that cybercriminals are constantly coming up with more elaborate and sophisticated ways to gain access to sensitive systems and data. A recent CIO.com article lists three measures designed to deter phishing and related attacks, which we have summarized below.
The White House Office of Science and Technology recently published The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People (the Blueprint), a set of five principles to help guide designers, developers, and deployers of AI in the design, use, and deployment of automated systems with the goal of protecting the public’s rights.
Spotlight
US President Joseph Biden issued an Executive Order On Enhancing Safeguards for United States Signals Intelligence Activities on October 7, which establishes safeguards relating to the handling of personal information in the course of signals intelligence activities. In this edition of our Spotlight Series, we welcome Morgan Lewis special legal consultant Dr. Axel Spies, based in Washington, DC, to discuss the scope of this Executive Order and its implications.
Please join us on Thursday, October 27, 2022, at 3:00 pm ET as Morgan Lewis partner Jacob Harper and associates Tesch Leigh West and Sydney Swanson discuss the importance of managing and protecting healthcare data while controlling costs and coordinating care. Topics will include the different types of data sharing agreements and implications of HIPAA and the Anti-Kickback Statute.
In June 2022, the UK government published its cross-government UK Digital Strategy for creating a world-leading environment in which to grow digital businesses. The Digital Strategy brings together various initiatives on digitalization and data-driven technologies, including the National AI Strategy. The government states that it is actively seeking to grow expertise in deep technologies of the future, such as artificial intelligence, next generation semiconductors, digital twins, autonomous systems, and quantum computing.