EU Blockchain Observatory and Forum explores the convergence of blockchain, AI, and the IoT

Cynthia O’DonoghueBy Cynthia O’Donoghue on Posted in Artificial Intelligence, Big Data, Regulatory

The European Union Blockchain Observatory and Forum, on 21 April, published a report examining how blockchain can be combined with two other important emerging technologies – the Internet of Things (IoT) and artificial intelligence (AI) – to complement each other and build new kinds of platforms, products, and services.

The report first looks at the interplay of blockchain with the IoT, addressing how blockchain can aid its functioning by providing a decentralised platform to the otherwise centralised approach of the IoT. This centralisation poses a number of challenges while monitoring, controlling, and facilitating communication between the millions of heterogeneous devices. The report highlights how blockchain can provide a more robust, more scalable, and more direct platform to overcome these challenges.

The report similarly delves into the potential relationship between blockchain and AI. It explains some concerns surrounding AI, like how it is currently concentrated in the hands of a few large companies due to the high cost of gathering, storing, and processing the large amounts of data, as well as engaging AI experts. It then illustrates how blockchain can mitigate such concerns so that access to AI models is more readily available to individuals and small companies.

Continue Reading

EDPB’s new guidelines relieve concerns over processing health data for scientific research

Cynthia O’DonoghueBy Cynthia O’Donoghue on Posted in COVID-19/Novel coronavirus, Privacy & Data Protection, Regulatory

The novel coronavirus pandemic has created an immediate and immense need for scientific research. Amid this urgency, the European Data Protection Board (EDPB), during its twenty-third plenary session held on April 21, adopted guidelines to shed light on legal questions concerning the use of health data (pursuant to article 4(15) of the General Data Protection Regulation (GDPR)) for such research purposes.

The guidelines reiterate that data protection rules do not hinder measures taken to combat the coronavirus outbreak and in fact provide special rules for the processing of health data for the purpose of scientific research (for instance, in article 9(2)(j) and article 89(2)) that will be applicable in the current crisis.

Data controllers and processors must respect the data protection principles set out in article 5 of the GDPR, and all processing of health data must comply with one of the legal grounds and the specific derogations listed respectively in articles 6 and 9 of the GDPR for the lawful processing of this special category of data. The guidelines specifically address the rules concerning consent and respective national legislation. It also spells out the important aspects of the article 5 principles. Continue Reading

Never forget a face: Potential impact of facial recognition and biometrics on the real estate world in response to COVID-19

Michael GaliboisKimberly GoldJim BarbutoDusty Elias KirkBy Michael Galibois, Kimberly Gold, Jim Barbuto, Dusty Elias Kirk and Jasmine Huff on Posted in COVID-19/Novel coronavirus, Privacy & Data Protection

The use of facial recognition and other biometric technologies by businesses, retailers, and landlords continues to grow and has found a new application in response to the COVID-19 pandemic. Proper implementation and management of these technologies can help increase security and limit physical contact. Real estate management firms and various businesses may be able to use these applications to prevent unauthorized building access, among other use cases. Certain touchless biometric applications also have the potential to identify individuals who may have COVID-19 through characteristics like their body temperature, which, in turn, could facilitate reopening businesses that can properly screen for and mitigate risks of COVID-19 exposure. However, businesses must consider consumer and employee privacy with the increased usage of contactless biometric technologies to address COVID-19-related challenges. Biometric privacy laws could increase tensions between privacy concerns stemming from the collection and sharing of biometric data, and growing interest in using biometric technologies for public safety to combat COVID-19. Businesses considering the use of biometrics will have a growing patchwork of state and federal laws to consider and with which to comply.

 Read more about biometric data and facial recognition in the real estate industry in our recent client alert

COVID-19 brings about a new reality for protecting company trade secrets and confidential information

William OverendJennifer DePriestAnette GaertnerBy William Overend, Jennifer DePriest and Anette Gaertner on Posted in COVID-19/Novel coronavirus, Intellectual Property

Companies and their workforces across the globe have been impacted by COVID-19 in ways that threaten critical trade secrets and other IP assets, and that require greater vigilance to protect them. The massive increase in the world’s remote workforce, as well as numerous terminations and furloughs, create a heightened risk of theft or inadvertent disclosure of key company assets. The crisis will bring out nefarious actors ranging from disgruntled employees to sophisticated hackers to foreign governmental entities looking to exploit systemic soft spots.

 With companies adjusting to a new normal of indefinite duration, it is critical that they adapt, implement, and enforce their trade secret and IP protection policies to address the realities of the COVID-19 business environment. We address specific risks attendant to conducting business through remote workforces in this alert.

The next frontier with cryptocurrencies

Douglas CherryPhilippa BeasleyBy Douglas Cherry and Philippa Beasley on Posted in In the Courts, Privacy & Data Protection

The Commercial Court held in AA v. Person Unknown [2019] EWHC 2556 (Comm) that a cryptocurrency such as bitcoin is a form of property capable of forming the subject of a proprietary injunction, in January. This is the first time the courts have applied the analysis set out in the UK Jurisdiction Taskforce’s legal statement on cryptoassets and smart contracts to a cryptocurrency.

This decision brings clarity regarding the status of cryptocurrencies as a form of property. However, the next frontier may require the courts to confront tricky legal issues resulting from the transnational nature of cryptocurrencies, such as jurisdiction, governing law and the legal position of currency exchanges. Resolution of these points may depend on the continuation of the approach from AA in terms of the adaption of existing legal principle to new technology.

 Read more about the decision here.

The immediate actions that a general counsel and their in-house legal team should take as a priority during a crisis

Howard Womersley SmithCynthia O’DonoghuePhilip ThomasKatalina BatemanBy Howard Womersley Smith, Cynthia O’Donoghue, Philip Thomas and Katalina Bateman on Posted in COVID-19/Novel coronavirus, Privacy & Data Protection, Tech & Outsourcing

All businesses are concerned with whether their revenue and custom will continue during a crisis.

When their services (more importantly those involving technology) depend on the use of third party suppliers, businesses should also think about their own ability to deliver.

Questions that business managers will be agonising over during a crisis include:

Will our suppliers deliver to the same standard of quality as before?

Will they deliver at all?

Will our organisation be able to pay for those services?

What should we do if any of these situations arise?

Whether your organisation is a customer of technology services or a supplier that relies on tech services to deliver its own products, those same business managers will be turning to their general counsel (GC) to help them understand the legal and contractual positions of their supply relationships.

This client alert explores the actions that a GC and their in-house legal team should take during a crisis.

Remember to consent in the time of COVID-19

Sarah BrunoCasey PerrinoJason GordonBy Sarah Bruno, Casey Perrino and Jason Gordon on Posted in COVID-19/Novel coronavirus, Privacy & Data Protection, Regulatory

In a world where we have been ordered to stay home and shelter in place to combat the spread of COVID-10 our children are now learning remotely. While it is fortunate that technology allows students to continue the school year at home, remote learning presents an obstacle where children’s privacy is concerned.

In the United States, the Children’s Online Privacy Protection Act (COPPA) governs the collection of personal information from children under the age of 13. It generally requires the provider of a website or online service directed at children to obtain “verifiable parental consent” before collecting any personal information from children. “Verifiable parental consent” can be obtained in a number of ways—for example, through a signed consent form that is returned via mail or electronic scan, or the use of a credit card or other online payment system that provides notification of each separate transaction to the account holder—but whatever method is used must be reasonably designed to ensure that the person giving the consent is the child’s parent or legal guardian. Continue Reading

Amendments to D.C.’s data breach law create new data security and breach notification obligations for businesses

Samuel F. CullariAlexis CoccoTaber RueterBy Samuel F. Cullari, Alexis Cocco and Taber Rueter on Posted in Privacy & Data Protection, Regulatory

On March 26, 2020, amendments to Washington, D.C.’s data breach notification law were enacted in bill number B23-0215.  Put briefly, the amendments impose various prevention, response, and mitigation obligations on businesses regarding data breaches that affect D.C. residents.  Below is a summary of the key changes of which businesses should be aware. Continue Reading

California relaxes key telehealth regulatory requirements during COVID-19 emergency

Kimberly GoldAlexis CoccoJames F. HennessyEmily LynchBy Kimberly Gold, Alexis Cocco, James F. Hennessy and Emily Lynch on Posted in COVID-19/Novel coronavirus, Data & Cyber Security, Privacy & Data Protection, Regulatory

On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal information through telehealth mediums.

As stated in the Order, which became effective immediately, telehealth services may help reduce the spread of COVID-19, and strict compliance with certain state telehealth requirements would otherwise “prevent, hinder, or delay appropriate actions to prevent and mitigate the effects of the COVID-19 pandemic.” The Order impacts certain health care facilities, health care providers, health care administrators, clinics, home health agencies, and  hospice providers, generally in instances where non-compliance occurs during the “good faith provision of telehealth services.”

Continue Reading

U.S. cybersecurity – points to remember when business is not as usual

Bart HuffmanGerard StegmaierDavid KroneHaylie TreasBy Bart Huffman, Gerard Stegmaier, David Krone and Haylie Treas on Posted in COVID-19/Novel coronavirus, Data & Cyber Security, Privacy & Data Protection

As the U.S. economy and educational system adapt to work and life at home, it is important to remember that cybersecurity (and related privacy) risks remain and are evolving. Remembering to think through measures that are in place to protect personal information, proprietary information, confidential information, and information needed for ongoing operations can help businesses avoid and mitigate these risks. Appropriate protective measures are specific to changing circumstances, but fortunately, guidance and helpful resources have quickly emerged. We have set forth below some important considerations in assessing administrative, technical, and contractual cybersecurity safeguards in virtual business and educational settings.

New tools bring new vulnerabilities

Many entities whose employees are now working from home for the first time are implementing new, sometimes expensive, tools to help their employees collaborate and maintain business operations. These new tools include videoconferencing, file-sharing, and other communication platforms. Even if the employer does not provide the tools, employees may find and use their own.

There are good reasons for implementing these tools at the business level, including consistent-use practices in the entity’s system, a process for regular software patches and updates, and discounted pricing. When selecting and implementing these tools, or modifying the manner and extent by which these tools will be used, it can be easy to overlook or minimize better practices for use of third-party information technology services: reasonable and appropriate diligence, contractual protections, and ongoing oversight and validation.

In addition, it is important to remember that the cybersecurity posture of many (if not most) online tools can vary widely depending on how the tool is configured, maintained, and used. This means considering whether the right virtual-IT skill set has been engaged and applied, and helping ensure that users have the information they need to make better privacy and data security decisions. Addressing these issues effectively can be especially challenging as work and learning environments change radically.

Continue Reading

LexBlog