Privacy & Data Security

            On April 28, 2022, Covington convened experts across our practice groups for the Covington Robotics Forum, which explored recent developments and forecasts relevant to industries affected by robotics.  Sam Jungyun Choi, Associate in Covington’s Technology Regulatory Group, and Anna Oberschelp, Associate in Covington’s Data Privacy & Cybersecurity Practice Group, discussed global regulatory trends that

The EU was particularly active in furthering its digital strategy in 2021, and will likely continue this high level of activity into 2022.  Below, we briefly summarize last year’s key legislative and regulatory updates from the EU across the following areas:

  1. data transfers;
  2. cookies (and alike) and unsolicited marketing communications;
  3. cybersecurity;
  4. open data;
  5. intermediary services;

Earlier this month, Covington’s Brussels, Frankfurt and London offices hosted a webinar on EU regulatory developments impacting connected and automated vehicles (CAVs). The seminar attracted participants from across the globe, predominantly from tech and automotive industries. This post features an overview of the introduction, and sections on data access and competition, data protection and cybersecurity. Part 2 will focus on other important CAV areas in the EU.
Continue Reading AI/IoT Update: Connected and Automated Vehicles Webinar Series: EU Key Developments PART 1

It is now four months after the General Data Protection Regulation (EU) 2016/679 (“GDPR”) came into force. One of its objectives is to create uniform standards for data protection in Europe and to adapt data protection to technical progress. In addition, the “Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications” (“E-Privacy Regulation“) was originally also to come into force as the successor to the corresponding Directive, though it now appears likely to come into force only in 2019. The E-Privacy Regulation is also an EU legal act which is directly applicable in the Member States without having to be transposed into national law. It is intended to protect both electronic communications content and electronic communications metadata as well as end-users‘ terminal equipment information. It is important to note that protection is not limited to personal data like in the GDPR – and therefore includes even more protected information and data. This post looks at the implications of the E-Privacy Regulation for IoT manufacturers starting with a short summary of the GDPR and some of its effects.

Continue Reading IoT Update: The E-Privacy Regulation – Impact on the IoT market

In April 2018, China released its nationwide automatic vehicle road testing rules, the Intelligent Internet-connected Vehicles Road Test Administrative Rules (for Trial Implementation) (the “National Rules”), which took effect on May 1, 2018. “Intelligent Internet-connected vehicles,” as defined under the National Rules, are commonly referred to as “intelligent vehicles” or “autonomous vehicles,” which involve a system of advanced sensors, controllers, actuators, etc. that may ultimately become a substitute for human drivers. The National Rules governs three categories of autonomous vehicles depending on the level of automation and human interaction required, i.e., conditional automation, high-level automation and full automation.

Prior to the release of the national Rules, selected Chinese cities including Beijing, Shanghai, Baoding and Chongqing had already implemented their own respective local road test rules for autonomous vehicles, and Shenzhen’s local proposals were at public consultation phase. The National Rules are largely consistent with the already existing various local rules, and provide an example for additional local governments to formulate their own detailed implementation rules.
Continue Reading IoT Update: China Releases National Automatic Vehicle Road Testing Rules

On April 25, 2018, the European Commission (EC) published its “Artificial Intelligence for Europe” communication (the Communication), in which it sets out a roadmap for its AI initiatives. Having acknowledged the crucial need for a boost of AI in the EU, the EC commits to supporting investment, (re)considering legislation and soft law initiatives, and coordinating Member States’ efforts. This blog post highlights some of the EC’s initiatives.
Continue Reading AI Update: European Commission Publishes Communication on Artificial Intelligence for Europe

Reflecting evidence from 280 witnesses from the government, academia and industry, and nine months of investigation, the UK House of Lords Select Committee on Artificial Intelligence published its report “AI in the UK: ready, willing and able?” on April 16, 2018 (the Report). The Report considers the future of AI in the UK, from perceived opportunities to risks and challenges. In addition to scoping the legal and regulatory landscape, the Report considers the role of AI in a social and economic context, and proposes a set of ethical guidelines. This blog post sets out those ethical guidelines and summarises some of the key features of the Report.
Continue Reading AI Update: House of Lords Select Committee publishes report on the future of AI in the UK

The UK government has published a Proposed Code of Practice for Security in Consumer IoT Products and Associated Services promoting a “secure by design” approach to designing, manufacturing and delivering internet-connected products and services. The Proposed Code forms part of the government’s National Cyber Security Strategy (2016-2021) and complements the government’s focus on making the UK a center of excellence for technological innovation through, amongst other things, its IoT UK Programme, funding research and innovation in IoT. While the Code was developed in consultation with industry, the UK government intends to make some of the guidelines enforceable through regulation. The government is seeking public comment on the Proposed Code through April 25.

The rapid proliferation of internet-connected products and services is providing exciting opportunities for business innovation and economic growth. However, it also brings concerns for governments and consumers about the potential cybersecurity risks. The UK government therefore is taking a close look at IoT devices and their associated security risks, including microphones or cameras recording individuals within their homes, compromised connected home-heating or appliances threatening physical safety, and hacked access control systems allowing burglars easy access to your home. It is against this backdrop that the government is encouraging industry to assist in combatting cybersecurity threats through the design and support of products and services.
Continue Reading Covington Internet of Things Update: “Secure by Design” – UK Government’s Proposed Code of Practice

At the start of 2018, we find ourselves in the midst of an autonomous vehicles revolution.  In the private sector, leading, and some nascent, autonomous mobility innovators have forged ahead with a surge of investment.  Last year, The Brookings Institution found that during a snapshot between 2014 and 2017, more than 160 investments worth more than $80 billion went toward the auto electronics, microchips, sensors, artificial intelligence and deep learning, digital mapping, ridesharing, physical systems, and other software needed to power autonomous mobility.

Some of the transactions were large (e.g., GM acquired Cruise Automation for $1 billion); many others registered relatively smaller blips on the radar (e.g., NVIDIA’s $5.25 million investment in Optimus Ride, or Ford’s $6.6 million investment in Civil Maps).  But the volume — and the acceleration of investment beginning in 2016 — speaks to a general dynamism in the autonomous mobility space.
Continue Reading Covington Internet of Things Update: Off to the races – How will policy shape autonomous vehicles tech in 2018?