Privacy & Information Security Law Blog

On June 11, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response (the “Response”) to the European Commission’s consultation regarding its white paper on “a European Approach to Excellence and Trust” on artificial intelligence (the “White Paper”).

On April 28, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the European Commission’s consultation on its roadmap for the two-year evaluation of the EU General Data Protection Regulation (“GDPR”) (the “Response”).

On March 12, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the Office of the Privacy Commissioner of Canada (“OPC”) in response to its proposals for ensuring appropriate regulation of artificial intelligence (“AI”).

On March 12, 2020, the Washington State Legislature passed SB 6280, which establishes safeguards for the use of facial recognition technology by state and local government agencies. Its stated goal is to allow the use of facial recognition services in ways that benefit society, but prohibit uses that put freedoms and civil liberties at risk.

On March 10, 2020, the Vermont Attorney General filed a lawsuit against Clearview AI (“Clearview”), alleging that Clearview violated Vermont’s consumer protection law and data broker law. We previously reported on Vermont’s data broker law, which was the first data broker legislation in the U.S.

Hunton’s Centre for Information Policy Leadership (“CIPL”) reports on the top privacy-related priorities for this year:

1.  Global Convergence and Interoperability between Privacy Regimes

Around the world, new privacy laws are coming into force and outdated laws continue to be updated: the EU General Data Protection Regulation (“GDPR”), Brazil’s Lei Geral de Proteção de Dados Pessoais (“LGPD”), Thailand’s Personal Data Protection Act, India’s and Indonesia’s proposed bills, California’s Consumer Privacy Act (“CCPA”), and the various efforts in the rest of the United States at the federal and state levels. This proliferation of privacy laws is bound to continue.

On March 12, 2020, the Centre for Information Policy Leadership (“CIPL”), in collaboration with Hunton Andrews Kurth LLP, published its legal note, “Artificial Intelligence and Data Protection: How the GDPR Regulates AI.”

On February 27, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published the second report in its project on Artificial Intelligence (“AI”) and Data Protection: Delivering Sustainable AI Accountability in Practice.

On February 19, 2020, the Information Commissioner's Office (“ICO”) launched a consultation on its draft AI auditing framework guidance for organizations (“Guidance”). The Guidance is open for consultation until April 1, 2020 and responses can be submitted via the ICO’s online survey.

On February 19, 2020, the European Commission (“the Commission”) published a White Paper entitled “a European Approach to Excellence and Trust” on artificial intelligence (“AI”). This followed an announcement in November 2019, from the Commission’s current President, Ursula von der Leyen, that she intended to propose rules to regulate AI within the first 100 days of her Presidency, which commenced on December 1, 2019. This White Paper was published alongside the Commission’s data and digital strategies for Europe.

On February 19, 2020, the European Commission (the “Commission”) released a suite of documents including its White Paper on Artificial Intelligence (“AI”), entitled “a European approach to excellence and trust.” In addition, the Commission published two communications—its European strategy for data and a Digital Strategy document entitled “Shaping Europe’s Digital Future.”

On January 30, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP submitted formal comments to the Department of Telecommunications at the Brazilian Ministry of Science, Technology, Innovations and Communications (“MCTIC”) on its public consultation on creating a national Artificial Intelligence (“AI”) strategy for Brazil (the “Consultation”).

The U.S. Chamber’s Technology Engagement Center (“C_TEC”) and Center for Global Regulatory Cooperation (“GRC”) recently released a set of ten principles essential for attaining the full potential of AI technologies.

The principles, drafted with input from more than 50 Chamber member companies, stress the importance of creating a sensible and innovation-forward approach to addressing the challenges and opportunities presented by AI.

On July 29, 2019, the UK Information Commissioner’s Office (“ICO”) announced the 10 projects that it has selected, out of 64 applicants, to participate in its sandbox. The sandbox, for which applications opened in April 2019, is designed to support organizations in developing innovative products and services with a clear public benefit. The ICO aims to assist the 10 organizations in ensuring that the risks associated with the projects’ use of personal data is mitigated. The selected participants cover a number of sectors, including travel, health, crime, housing and artificial intelligence.

On July 4, 2019, the European Commission published a factsheet on artificial intelligence (“AI”) for Europe (the “Factsheet”). In the Factsheet, the European Commission underlines the importance of AI and its role in improving people’s lives and bringing major benefits to the society and economy. In addition, the Factsheet also describes the EU’s role in AI and the financial investments the Commission is planning to make in AI. The factsheet also includes some examples of projects conducted by the Commission in AI (including in agriculture, data and eHealth, public administration and services, and transport and manufacturing).

The Illinois legislature recently passed the Artificial Intelligence Video Interview Act, which prohibits an Illinois employer from using artificial intelligence (“AI”) to evaluate job interview videos unless the employer complies with certain requirements.

During the week of April 1, 2019, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP hosted its annual executive retreat in Washington, D.C. (the “Retreat”). During the Retreat, CIPL held a full-day working session on evolving technologies and a new U.S. privacy framework followed by a closed members only half-day roundtable on global privacy trends with special guest Helen Dixon, Data Protection Commissioner of Ireland.

On April 8, 2019, the European Commission High-Level Expert Group (the “HLEG”) on Artificial Intelligence released the final version of its Ethics Guidelines for Trustworthy AI (the “Guidelines”). The Guidelines’ release follows a public consultation process in which the HLEG received over 500 comments on its initial draft version. The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP contributed its own comments during this process.

On February 12, 2019, the European Data Protection Board (the “EDPB”) released its work program for 2019 and 2020 (the “Work Program”). Following the EDPB’s endorsement of the Article 29 Working Party guidelines and continued guidance relating to new EU General Data Protection Regulation (“GDPR”) concepts, the EDPB plans to shift its focus to more specialized areas and technologies.

On January 25, 2019, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted formal comments to the International Conference of Data Protection and Privacy Commissioners (the “International Conference”) on its Declaration on Ethics and Data Protection in Artificial Intelligence (the “Declaration”). The Declaration was adopted by the International Conference on October 23, 2018, for public consultation.

On January 16, 2019, Hunton Andrews Kurth hosted a breakfast seminar in London, entitled “GDPR: Post Implementation Review.” Bridget Treacy, Aaron Simpson and James Henderson from Hunton Andrews Kurth and Bojana Bellamy from the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth discussed some of the challenges and successes companies encountered in implementing the EU General Data Protection Regulation (the “GDPR”), and also identified key data protection challenges that lie ahead. The Hunton team was joined by Neil Paterson, Group Data Protection Coordinator of TUI Group; Miles Briggs, Data Protection Officer of TUI UK & Ireland; and Vivienne Artz, Chief Privacy Officer at Refinitiv, who provided an in-house perspective on the GDPR.

The Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP recently published the first report in its project on Artificial Intelligence (“AI”) and Data Protection: Delivering Sustainable AI Accountability in Practice.