Technology

Subscribe to Technology via RSS

The Internet of Things (IoT) represents a transformative shift in how consumers interact with technology, integrating physical devices with sophisticated services to create interconnected ecosystems. As the adoption of IoT devices skyrockets, with projections estimating 75 billion connected devices by 2025, the legal landscape surrounding these hybrid transactions — comprising goods, software, and services — remains unsettled. Traditional legal frameworks, such as the Uniform Commercial Code (UCC), struggle to address the complexities of IoT transactions. Consumer advocacy groups are increasingly calling for regulatory intervention to protect consumers from emerging issues, considering a legislative landscape that is not keeping pace with rapidly evolving technology.

Introduction

The National Defense Authorization Act (NDAA) for 2025 includes a mandate that contractors furnish information and documentation to enable the military to modify and repair equipment and systems. Not surprisingly, industry is pushing back on that mandate. On September 25, Senator Elizabeth Warren (D-MA) sent a letter to various industry associations, questioning their motives to prevent a right-to-repair requirement that the Senate included in its proposed defense budget for fiscal year (FY) 2025. Warren also sent a separate letter to Secretary of Defense Lloyd Austin, expressing concern about contractual restrictions that void contractor warranties when third parties perform repairs and that prevent access to operations, maintenance, integration, and training data.

On September 23, Principal Deputy Assistant Attorney General Nicole M. Argentieri announced that the U.S. Department of Justice (DOJ) updated its guidance on the Evaluation of Corporate Compliance Programs (ECCP). The DOJ’s ECCP serves as a roadmap for federal prosecutors to use when evaluating the effectiveness of corporate compliance programs. Therefore, companies should also pay close attention to this guidance when reviewing their compliance programs. Ultimately, a company’s efforts to design, regularly evaluate, and update its compliance program in line with this guidance could inform criminal investigations, charging decisions, and case resolutions.

Published in Law360 on September 27, 2024. © Copyright 2024, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.

On Sept. 18, Texas Attorney General Ken Paxton announced a settlement with healthcare technology company Pieces Technology pursuant to the Texas Deceptive Trade Practices-Consumer Protection Act.

On September 9, Colorado Attorney General (AG) Phil Weiser issued a public advisory warning voters about the dangers of election misinformation and disinformation in the form of realistic-looking images, videos, and audio created using artificial intelligence (AI), known as “deepfakes.” The advisory follows the May 2024 enactment of HB24-1147, an act designed to prevent a broad range of actors from using deepfakes depicting candidates in political communications without properly disclosing the untruthful nature of the communication to voters.

Dear Mary,

Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then, some states have further qualifications to their definition, such as whether that unauthorized access or acquisition “compromises” or “materially compromises” the integrity, security, or confidentiality of the data. No states (apart from New York) define access or acquisition, and no state defines compromise vs. material compromise. How would you suggest analyzing all these varying terms?

– Patchwork

In 2024, the landscape of state attorneys general (AGs) is poised for significant change, with numerous elections and regulatory actions reshaping priorities and enforcement strategies. This dynamic environment reflects the critical role AGs play in addressing key issues across various sectors, from environmental regulations and consumer protection to health care and privacy. As state AGs continue to influence policy and legal frameworks, their actions will have far-reaching implications for businesses and consumers alike. Troutman Pepper’s State AG team is pleased to provide you with this mid-year review summarizing the activities in this regulatory space over the past six months.

On May 17, 2024, Colorado Governor Jared Polis signed into law Senate Bill 24-205, the Colorado Artificial Intelligence (AI) Act, making Colorado the first U.S. state to enact comprehensive legislation regulating the use and development of AI systems. The act is designed to regulate the private-sector use of AI systems, particularly addressing the risk of algorithmic discrimination arising from the use of so-called “high-risk AI systems.” The law will take effect on February 1, 2026, and the Colorado attorney general (AG) has exclusive enforcement authority.