UK Information Commissioner’s Office Publishes Draft Accountability Framework Tool

On 10 September 2020, the UK Information Commissioner’s Office (“ICO”) published its beta-phase “Accountability Framework” (“Framework”).  The Framework is designed to assist organisations, of any size and across all sectors, in complying with the accountability principle under the GDPR and in meeting the expectations of the ICO.

The Framework will help those within organisations who are responsible for implementing data protection compliance strategies.  The ICO envisages that organisations will use the Framework in conjunction with other relevant guidance and materials available from the ICO.  The ICO emphasises that each organisation must be mindful of its own circumstances when managing data protection risks, and that a “one size fits all” approach should not be adopted.

Continue Reading

Online Content Policy Modernization Act Duplicates Existing Senate Republican Proposal to Limit Section 230 Liability Protections

Another week, another proposal concerning Section 230 of the 1996 Communications Decency Act.  This week, Senator Lindsey Graham (R-SC) introduced the Online Content Policy Modernization Act, which primarily establishes an alternative dispute resolution program for copyright small claims.  Relevant to this blog, however, are the last three pages of the proposal, which limit civil liability protections of Section 230 and which are identical to the currently-pending Online Freedom and Viewpoint Diversity Act.  Senator Graham also sponsored that bill along with Senators Roger Wicker (R-MS) and Marsha Blackburn (R-TN).

The Online Content Modernization Act would “modify the scope of protection from civil liability for ‘good Samaritan’ blocking and screening of offensive material” under Section 230 of the 1996 Communications Decency Act.  The Republican bill is yet another in the growing list of proposals to amend Section 230’s scope this year, which also includes:  the identical Online Freedom and Viewpoint Diversity Act, which we analyzed here; the bipartisan Senate Platform Accountability and Consumer Transparency Act (“PACT ACT”), which we analyzed here; a different Senate Republican proposal and a Department of Justice report, both of which we analyzed here; and the Trump Administration’s executive order.

Continue Reading

FCC Releases Draft Order Formalizing “Team Telecom” Process

Last week, the Federal Communications Commission circulated a draft order that will formalize its coordination with what has been known as “Team Telecom”—the national security review process for foreign investments in U.S. telecommunications companies.  The draft order, which the FCC will consider for adoption at its September 30 Open Meeting, includes rules and procedures governing what has long been an informal process.

The FCC’s draft order adopts rules consistent with an April 4, 2020 Executive Order that rebranded the group of executive branch authorities long referred to as “Team Telecom” as the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector.  Despite the name change, Team Telecom will largely follow the existing review process; however, the new FCC rules do make a few key changes.  We highlight some of the basic changes below.

Continue Reading

FTC Provides Guidance on Use of AI and Algorithms

The FTC has recently provided new guidance on the use of AI and algorithms, including a blog post that focuses on the benefits and risks of AI.  Former FTC Commissioner Terrell McSweeny, AI Initiative Co-Chair Lee Tiedrich, and Jadzia Pierce discuss the post, along with other AI-focused guidance from the FTC, in The Journal of Robotics, Artificial Intelligence and Law.

Exploring the IoT Landscape: Highlights for the Upcoming ABA IoT Institute

On five consecutive Wednesdays beginning on September 2nd, the ABA will hold its 5th Annual IoT Institute, together with a session called Data, Data Everywhere, and Not a Chance to Think, addressing the intersection of the Internet of Things (IoT) and Artificial Intelligence (AI). Covington was scheduled to host the IoT Institute in our Washington, D.C., offices in April 2020, but the pandemic disrupted those plans. Adapting to the times, the IoT Institute will be a virtual event this year, and Covington lawyers will speak over the course of the conference on a broad range of topics important to companies developing, deploying and using IoT products and services. Our lawyers will bring their perspectives from both private practice and government service, and include:

  • Former Attorney General to the United States and Covington Partner Eric Holder, who will participate in a fireside chat with Jim Dempsey, Executive Director of the Berkeley Center for Law & Technology, on The Race Is On: Getting Ahead of Disinformation, Disruption, and Other Digital Threats to Elections (September 30).
  • Michael Chertoff, Senior Of Counsel to Covington, and former Secretary of the U.S. Department of Homeland Security, and Micaela McMurrough, Co-Chair of our Internet of Things Initiative and a former Military Intelligence Officer for the U.S. Army, who will engage in a fireside chat on IoT and National Security Issues (September 9).
  • Matthew DelNero, Co-Chair of our Communications & Media Industry Group, and former Chief of the FCC’s Wireline Competition Bureau, who will provide a briefing on Decoding 5G (September 2).
  • Sarah Wilson, Chair of our Product Safety Practice Group, and a former Judge of the U.S. Court of Federal Claims, who will provide a briefing on IoT Product Safety and Liability Risk Management – Strategies for Connected and Autonomous Products (September 2).
  • Suzanne Bell, Co-Chair of our Technology and IP Transactions Practice Group, who will share her views on IoT and Contracting (September 16).
  • During the AI and Robotics Institute held on Wednesdays in October immediately following these programs, our colleague John Buchanan, who will share his insights on Insuring Robots and AI Systems based on decades of experience representing insurance policyholders regarding major cyber breaches and novel technology risks (October 14).

Covington’s IoT Initiative has enjoyed contributing to the ABA’s IoT projects over the past few years. Our lawyers authored two chapters in the recent book The Internet of Things: Legal Issues, Policy, & Practical Strategies, where we covered IoT insurance issues and U.S. regulation of IoT products and services across federal agencies, and our colleague Michael Chertoff prepared the forward to that book. We look forward to sharing our experiences and perspectives at the virtual conferences this year.

Click here for more information about the ABA IoT National Institute conference or for registration details.

To see more about our global, cross-disciplinary IoT team and to explore our content, we invite you to visit our Internet of Things resource page and Connected and Autonomous Vehicles Toolkit.

AI Standards Update: NIST Solicits Comments on the Four Principles of Explainable Artificial Intelligence and Certain Other Developments

The National Institute of Standards and Technology (“NIST”) is seeking comments on the first draft of the Four Principles of Explainable Artificial Intelligence (NISTIR 8312), a white paper that seeks to define the principles that capture the fundamental properties of explainable AI systems.  NIST will be accepting comments until October 15, 2020.

In February 2019, the Executive Order on Maintaining American Leadership in Artificial Intelligence directed NIST to develop a plan that would, among other objectives, “ensure that technical standards minimize vulnerability to attacks from malicious actors and reflect Federal priorities for innovation, public trust, and public confidence in systems that use AI technologies; and develop international standards to promote and protect those priorities.”  In response, NIST issued a plan in August 2019 for prioritizing federal agency engagement in the development of AI standards, identifying seven properties that characterize trustworthy AI—accuracy, explainability, resiliency, safety, reliability, objectivity, and security.

NIST’s white paper focuses on explainability and identifies four principles underlying explainable AI.

Continue Reading

UK ICO publishes guidance on Artificial Intelligence

On July 30, 2020, the UK Information Commissioner’s Office (“ICO”) published its final guidance on Artificial Intelligence (the “Guidance”).  The Guidance sets out a framework for auditing AI systems for compliance with data protection obligations under the GDPR and the UK Data Protection Act 2018.  The Guidance builds on the ICO’s earlier commitment to enable good data protection practice in AI, and on previous guidance and blogs issued on specific issues relating to AI (for example, on explaining decisions on AI, trade-offs, and bias and discrimination, all covered in Covington blogs).

Continue Reading

The Legal Debate Over Net Neutrality Shifts to State Laws

A little over a month ago, the deadline for appealing the D.C. Circuit’s decision in Mozilla v. FCC expired.  The Mozilla decision upheld the FCC’s 2017 Restoring Internet Freedom Order (“Order”), which rolled back Obama-era net neutrality regulations to largely deregulate broadband internet service provider (“ISP”) practices.  No party sought Supreme Court review of the D.C. Circuit’s decision in Mozilla, ending the two-plus-year challenge of the FCC’s Order.  This has now prompted a shift in focus to the states.

A number of states enacted net neutrality laws in the wake of the FCC’s Order.  Most of these state laws sought to impose regulations akin to Obama-era net neutrality policies, including, for example, restrictions on certain network management practices such as throttling or paid prioritization.  Challenges to these state laws by broadband ISPs were held in abeyance pending the outcome of Mozilla.  Now that Mozilla has been resolved, questions have arisen as to whether and how these state challenges will continue, and what the outcomes will be.

California and Vermont are key states in the net neutrality debate, as both jurisdictions agreed to delay the enforcement of their net neutrality laws while Mozilla was pending.  Now that Mozilla is resolved, challenges to these laws have resumed.

In California, the U.S. Department of Justice (“DOJ”) and several broadband ISP trade associations filed new complaints and motions for preliminary injunction on August 5, 2020, reigniting litigation that has been dormant since October 2018.  California’s law would ban ISPs from blocking, engaging in paid prioritization, throttling, and/or zero-rating Internet traffic.  California’s law would also require ISPs to publicly disclose information regarding network management practices.

Also on August 5, 2020, the DOJ and several trade association co-plaintiffs renewed their challenges to Vermont’s net neutrality law.  Vermont’s law would prohibit state agencies from contracting with ISPs that do not certify their compliance with net neutrality guidelines.

State officials in both jurisdictions have decided to continue to forego enforcing their net neutrality laws until these renewed motions for preliminary injunctive relief have been resolved.

Four other states—Colorado, Maine, Oregon, and Washington—also have enacted some form of net neutrality law, and a number of other states have adopted net neutrality-minded resolutions or have legislation pending.  But, it is currently unclear whether laws in these jurisdictions will be enacted or challenged.

Although the Restoring Internet Freedom Order’s deregulatory regime remains in place, state laws could significantly affect the regulatory landscape if they survive legal challenge.  The upcoming election in November could also affect the situation, as changes in leadership in the White House, Congress, and/or the FCC could result in yet another new approach (or the return to an old approach) when it comes to net neutrality policy.

For now, the focus of the net neutrality debate is on the states, and the outcome of pending litigation in California and Vermont will likely shape—or foreclose—state regulation moving forward.  California’s net neutrality law, unlike Vermont’s, applies to all ISPs operating in the state, not just those seeking state contracts. The outcome of the litigation is also being closely watched for any broader implications as to the scope of state ability to regulate ISPs or other providers of services classified by the FCC as interstate information services. Thus, regardless of electoral outcomes, federal litigation over the California and Vermont net neutrality laws merits close attention.

FCC Seeks Comment on Section 230 Petition

FCC Chairman Pai announced today that the FCC would seek public comment on the Administration’s July 27 Petition for Rulemaking on Section 230 of the Communications Decency Act (CDA)—the law that to date has meant that social media companies, ISPs, and other “online intermediaries” have not been subject to liability for their users’ actions. Comments will be due on Wednesday, September 2 and reply comments will be due on Thursday, September 17.

While there is much that is novel about the Petition itself, the FCC’s decision to seek comment on it appears to follow standard operating procedures. At this point, there is no indication of whether the FCC will take more formal steps attempting to adopt any of the rules proposed by the Administration. Continue Reading

IoT Update: UN Takes the Driver’s Seat for International Regulations on Connected and Autonomous Vehicles Cybersecurity and Software Updates

On June 24, 2020, the United Nations Economic Commission for Europe (“UNECE”)* adopted two regulations that will have a significant impact on manufacturers of connected and autonomous vehicles (“CAVs”). These regulations impose obligations relating to cybersecurity and software updates for passenger cars, vans, trucks, and buses, while the cybersecurity regulations also reach light four-wheeler vehicles if equipped with automated driving functionalities from level 3 (conditional automation) onward. The regulations will enter into force in January 2021.

The European Union, South Korea, and Japan are expected to take steps to adopt these UNECE regulations in their respective national laws in the next couple of years. Given the widespread use of UN Regulations in the automotive sector globally, we anticipate that other countries will also adopt these regulations. Once implemented, any manufacturer that sells vehicles in the implementing countries must comply with the regulatory requirements, including by ensuring that its supply chain would not prevent compliance. As a result, the effects of the regulations are likely to flow down to vehicle manufacturers even in countries that do not adopt them, such as the United States. Continue Reading