On September 28, the EU Commission published a Proposal for an Artificial Intelligence Liability Directive (AILD, or AI Liability Directive). The purpose of the Directive is to “improve the functioning of the internal market by laying down uniform rules for certain aspects of non-contractual civil liability for damage caused with the involvement of AI systems.”
On October 4, the EU Parliament voted to approve EU legislation that would standardize mobile charges to be USB Type-C starting in 2024. The legislation (which now only needs final approval by the EU Council) is intended to reduce e-waste, but also has significant implications on interoperability, especially for companies like Apple that make their own separate lightning chargers. Similar legislation for computer chargers may be forthcoming.
Also on October 4, the White House Office of Science and Technology Policy (OSTP) released a “Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People” describing five principles to “guide the design, use, and deployment of automated systems.” The OSTP has described the Blueprint as a non-binding “white paper” instead of official guidance. The Blueprint was also accompanied by a companion document, “From Principles to Practice: A Technical Companion to the Blueprint for an AI Bill of Rights.”
In Canada, the Edmonton police service has begun using DNA phenotyping to create computer-generated images of suspects. On October 4, Edmonton detectives utilized the Snapshot DNA Phenotyping Service from Parabon NanoLabs, a US-based DNA technology company. However, pushback led them to retract the computer-generated suspect image they had released two days later.
On October 5, Joseph Sullivan, former chief security officer of Uber, was convicted of obstruction of proceedings and misprision of a felony regarding an attempted cover-up of a 2016 hack of Uber. He now faces a maximum of five years in prison for obstruction and three years for misprision. This is one of the first instances of criminal charges in response to a data breach. The case is U.S. v. Sullivan (9th Cir. 2022).
On October 7, President Biden signed an executive order directing the steps the US will take to institute the pending EU-US Data Privacy Framework. While some US parties seem optimistic about the draft, other EU parties like data privacy activist Max Schrems are less so.
Pending Cases
The Supreme Court is scheduled to hear Gonzalez v. Google LLC (9th Cir. 2021) in its current term, a case about whether Section 230(c)(1) of the Communications Decency Act “immunizes interactive computer services when they make targeted recommendations of information provided by another information content provider, or only limits the liability of interactive computer services when they engage in traditional editorial functions (such as deciding whether to display or withdraw) with regard to such information.” The case was accepted by SCOTUS even though there is not a clear circuit split indicating a particular point of view.
Gonzalez v. Google comes on the heels of two appellate court decisions about content moderation that have not been granted certiorari by SCOTUS, but which some think might in the future. They are NetChoice, LLC v. Attorney General, State of Florida (11th Cir. 2022), which struck down a Florida law restricting social media platforms’ ability to moderate content, and NetChoice v. Paxton (5th Cir. 2022), which conversely upheld a similar law in Texas.
There is a pending data protection case before the Court of Justice of the EU (CJEU) regarding the scope of damages for GDPR violations: UI v. Österreichische Post AG. An Advocate-General Opinion was issued on October 6 before the CJEU issues a final judgment: an analysis of the opinion by Max Schrems’ group noyb can be found here.
US “crypto policy advocacy group” Coin Center is suing the Department of Treasury’s Office of Foreign Asset Control (OFAC) over its sanctions of cryptocurrency mixer Tornado Cash. Complaint linked here; Ori Freiman’s take here.
Upcoming Events
On November 2 at 5 pm EST, the Engelberg Center will host “FemTech and Privacy: Striking the Balance in a Post-Dobbs Reality,” a conversation exploring how FemTech data can be used, and the privacy laws and legislation that can be leveraged to protect users. The event will be in-person in Greenberg Lounge, Vanderbilt Hall. RSVP and more information here.
(Compiled by Student Fellow Toni Xu)