Privacy & Data Security

Subscribe to Privacy & Data Security

Last week, the Federal Communications Commission (“FCC”) released an Order and Notice of Proposed Rulemaking (“NPRM”) that could have significant compliance implications for all holders of international Section 214 authority (i.e., authorization to provide telecommunications services from points in the U.S. to points abroad), as well as all entities holding an ownership interest in these carriers. The item requires all holders of international Section 214 authority to respond to a one-time information request concerning their foreign ownership and proposes sweeping changes to the agency’s licensing rules for such licensees.

Although the FCC’s information request may be more relevant in the near term, it is a limited one-time requirement. By contrast, the rule changes on which the FCC seeks comment are far-reaching and, if adopted as written, could result in significant future compliance burdens, both for entities holding international Section 214 authority, as well as the parties holding ownership interests in these entities.

The FCC’s latest actions underscore the agency’s ongoing desire to closely scrutinize foreign ownership and involvement in telecommunications carriers serving the U.S. market, as well as to play a more active role in cybersecurity policy. These developments should be of interest to any carrier that serves the U.S. market and any financial or strategic investor focused on the telecommunications space, as well as other parties interested in national security developments affecting telecommunications infrastructure.

Continue Reading FCC Steps Up Review of Foreign Ownership in Telecom Carriers; Proposes Cybersecurity Mandates

On 29 March 2023, the UK Information Commissioner’s Office (“ICO”) published updated Guidance on AI and data protection (the “Guidance”) following “requests from UK industry to clarify requirements for fairness in AI”. AI has been a strategic priority for the ICO for several years. In 2020, the ICO published its first set of guidance on AI (as discussed in our blog post here) which it complemented with supplementary recommendations on Explaining Decisions Made with AI and an AI and Data Protection risk toolkit in 2022. The updated Guidance forms part of the UK’s wider efforts to adopt a “pro-innovation” approach to AI regulation which will require existing regulators to take responsibility for promoting and overseeing responsible AI within their sectors (for further information on the UK Government’s approach to AI regulation, see our blog post here).

The updated Guidance covers the ICO’s view of best practice for data protection-compliant AI, as well as how the ICO interprets data protection law in the context of AI systems that process personal data. The Guidance has been restructured in line with the UK GDPR’s data protection principles, and features new content, including guidance on fairness, transparency, lawfulness and accountability when using AI systems.

Continue Reading UK ICO Updates Guidance on Artificial Intelligence and Data Protection

Today, the National Telecommunications and Information Administration (NTIA) released its first Notice of Funding Opportunity for development of next-generation wireless infrastructure under the new Public Wireless Supply Chain Innovation Fund (“Innovation Fund”).  According to NTIA’s announcement, this first tranche of funding will include up to $140.5 million in grants, ranging from $250,000 to $50 million, specifically to support expanded testing and evaluation of the performance, security, or interoperability of open, interoperable (“open-RAN”) wireless networks.  Companies (both for- and nonprofit), higher education institutions, industry groups, and consortia of multiple organizations are eligible to apply.

Continue Reading Commerce Department Issues First Funding Notice for Wireless Innovation Fund

U.S. federal agencies and working groups have promulgated a number of issuances in January 2023 related to the development and use of artificial intelligence (“AI”) systems.  These updates join proposals in Congress to pass legislation related to AI.  Specifically, in January 2023, the Department of Defense (“DoD”) updated Department of Defense Directive 3000.09 and the National Artificial Intelligence Research Resource (“NAIRR”) Task Force Final Report on AI; the National Institute of Standards and Technology (“NIST”) released its AI Risk Management Framework, each discussed below.

Continue Reading Roundup of January 2023 Artificial Intelligence Developments

This quarterly update summarizes key legislative and regulatory developments in the fourth quarter of 2022 related to Artificial Intelligence (“AI”), the Internet of Things (“IoT”), connected and autonomous vehicles (“CAVs”), and data privacy and cybersecurity.

Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Fourth Quarter 2022

On November 3, the FTC announced that it entered into a significant $100 million settlement with Vonage to resolve allegations relating to the internet phone service provider’s sales and autorenewal practices. The FTC alleged that Vonage violated both the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA) by failing to provide a simple cancellation mechanism, failing to disclose material transaction terms prior to obtaining consumers’ billing information, and charging consumers without consent.

Continue Reading FTC Flexes ROSCA Muscle with $100 Million “Dark Patterns” Settlement with Vonage

On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).  Written comments are requested on or before November 14, 2022 and may be submitted through the Federal eRulemaking Portal: http://www.regulations.gov.

Continue Reading CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act

This quarterly update summarizes key federal legislative and regulatory developments in the second quarter of 2022 related to artificial intelligence (“AI”), the Internet of Things, connected and automated vehicles (“CAVs”), and data privacy, and highlights a few particularly notable developments in U.S. state legislatures.  To summarize, in the second quarter of 2022, Congress and the Administration focused on addressing algorithmic bias and other AI-related risks and introduced a bipartisan federal privacy bill.

Continue Reading U.S. AI, IoT, CAV, and Data Privacy Legislative and Regulatory Update – Second Quarter 2022

            On April 28, 2022, Covington convened experts across our practice groups for the Covington Robotics Forum, which explored recent developments and forecasts relevant to industries affected by robotics.  Sam Jungyun Choi, Associate in Covington’s Technology Regulatory Group, and Anna Oberschelp, Associate in Covington’s Data Privacy & Cybersecurity Practice Group, discussed global regulatory trends that

There has been a substantial increase in the use of the Internet across the African continent, aided by ongoing investment into local digital infrastructure, reduction in the associated costs, and improved user access. This has allowed both individuals, and private and public entities, the ability to access, collect, process and/or disseminate personal data more easily,