A federal judge in the Northern District of California recently dismissed a class action complaint accusing Google of unlawfully wiretapping calls to Verizon’s customer service center through its customer service product, Cloud Contact Center AI.  See Ambriz v. Google, LLC, No. 3:23-cv-05437 (N.D. Cal. June 20, 2024).

Plaintiff Misael

Continue Reading California Federal Court Dismisses Complaint Accusing Google of Wiretapping Customer Service Calls

An Illinois federal court has dismissed a proposed class action alleging X Corp. violated the state’s Biometric Information Privacy Act (“BIPA”) through its use of PhotoDNA software to create “hashes” of images to scan for nudity and related content. The court held that Plaintiff failed to allege that the hashes identified photo subjects and therefore failed to allege that the hashes constituted biometric identifiers. Martell v. X Corp., 2024 WL 3011353, at *4 (N.D. Ill. June 13, 2024).

BIPA prohibits private entities from collecting or capturing “a person’s or a customer’s biometric identifier or biometric information” without first obtaining the subject’s informed consent, among other requirements. 740 ILCS 14/15(b). BIPA defines “biometric identifier” as “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry” and defines “biometric information” as any information “based on an individual’s biometric identifier used to identify an individual.” 740 ILCS 14/10.

In dismissing the complaint, the court agreed with X’s arguments that Plaintiff failed to plausibly allege (1) that the PhotoDNA software collects scans of facial geometry and (2) that the hashes identified photo subjects. First, the court rejected Plaintiff’s “conclusory” assertion that the creation of a hash from a photo that includes a person’s face “necessitates” creating a scan of facial geometry, saying, “The fact that PhotoDNA creates a unique hash for each photo does not necessarily imply that it is scanning for an individual’s facial geometry when creating the hash.” Id. at *2. The court distinguished Plaintiff’s allegation from those that withstood dismissal in a different case in which the plaintiff alleged that scans of photos “located her face and zeroed in on its unique contours to create a ‘template’ that maps and records her distinct facial measurements.” Id. at 3 (quoting Rivera v. Google Inc., 238 F. Supp. 3d 1088, 1091 (N.D. Ill. 2017)).Continue Reading Illinois Federal Court Dismisses BIPA Suit Against X, Holding “Biometric Identifiers” Must Identify Individuals

On 24 June 2024, the Council of the European Union (the “Council”) adopted a new package of economic sanctions against Russia. This 14th package of sanctions introduces a broad range of new prohibitions, including new export and import sanctions, new services restrictions, new sanctions designations and further measures targeting the Russian financial and energy sectors. The 14th package also includes measures relating to the circumvention of existing EU-Russia sanctions, including the imposition of a new, affirmative obligation for EU companies to address diversion and circumvention risks both within their own operations as well as the operations of their non-EU based subsidiaries.  

Finally, the new Russia measures expand the powers of courts within Member States to hear damages claims arising from the actions of Russian companies related to “sanctions implementation and expropriation”.

The new EU measures were adopted shortly after the United States and the United Kingdom adopted new Russia related export controls and sanctions, which we summarize in this alert.

Separately, on 30 June 2024 the EU passed a broad new set of sanctions relating to Belarus, including various measures intended to bring the EU-Belarus sanctions more closely in line with similar Russia-related measures.

The EU’s 14th Package of Sanctions Targeting Russia

Asset-freezing Designations

Council Implementing Regulation (EU) 2024/1746 designates additional individuals and entities to the EU asset-freezing list. The new designations target the Russian military sector but also include entities—and owners and senior managers of companies—operating in other sectors of the Russian economy, such as Russia’s largest shipping company, Sovcomflot, and OJSC Ural Airlines.Continue Reading EU Imposes Additional Sanctions Against Russia and Belarus

Executive Summary

  • President Luiz Inácio Lula da Silva’s administration has pursued a vigorous effort to increase revenue as part of Brazil’s fiscal framework implementation.  At the same time, the administration has avoided spending cuts.
  • This strategy seems to be reaching its political limit, creating an incentive for the administration to weaken the fiscal framework approved by Brazil’s National Congress last year.
  • This sends mixed signals to investors and results in an overburdened monetary policy, which may lead to reduced investment, growth, and job creation in the medium term.

Analysis

On August 30, 2023, President Luiz Inácio Lula da Silva signed into law Brazil’s new fiscal framework.  The framework was presented by his administration in March last year, and approved by Brazil’s National Congress in less than five months.  It was the administration’s top economic policy priority to stabilize public debt, create an incentive for the Central Bank to reduce the benchmark interest rate, and reignite economic growth and job creation.  It was also highly anticipated by market players to assess the administration’s commitment to fiscal responsibility.

Framework Mechanics

The framework established a “fiscal anchor” based on an annual primary budget surplus target, beginning with a deficit of 0.5 percent of GDP in 2023 and growing in 0.5 pp increments per year until reaching a surplus of 1.0 percent of GDP in 2026.  It is a linear trajectory to put the country’s fiscal policy back in a scenario of annual primary budget surpluses (i.e., excluding debt servicing.)  These targets were codified in the 2024 annual budget authorization legislation signed into law on December 29, 2023.Continue Reading Brazil’s Weakening Fiscal Framework and its Impact on Businesses

June 27, 2024, Covington Alert

On June 25, 2024, the Food and Drug Administration’s (FDA) Center for Veterinary Medicine (CVM) announced that it has finalized Guidance for Industry (GFI) #276, Effectiveness of Anthelmintics: Specific Recommendations for Products Proposed for the Prevention of Heartworm Disease in Dogs (Final Guidance). The Final Guidance replaces CVM’s draft guidance issued in November 2022. While CVM’s core recommendations remain the same, the Final Guidance clarifies the discussion and recommendations related to geographic locations from which Dirofilaria immitis (D. immitis) larvae used in trials should be sourced, laboratory dose confirmation studies, and field effectiveness studies for products intended to prevent heartworm disease. CVM’s stated overarching goal in making the revisions is to better align GFI #276 with current technology and veterinary epidemiology, including available diagnostic methodology. Drug sponsors who deviate from these recommendations are encouraged to discuss the deviations with CVM.

Background

On May 24, 2018, FDA published a Federal Register Notice requesting public input on possible alternative approaches for evaluating the effectiveness of heartworm disease prevention products for dogs. On its webpage announcing the final guidance, FDA explained that it asked for public input because of reports of lack of effectiveness and certain limitations of the effectiveness studies conducted to support product approval. FDA’s then-current recommendation for demonstrating the effectiveness of a new animal drug intended to prevent heartworm disease was for sponsors to conduct two laboratory dose confirmation studies and one multi-site field effectiveness study under the principles of Good Clinical Practice. FDA specifically requested input on the population level effectiveness endpoint, exposure to infective D. immitis larvae in field studies, outcome assessment in field studies, and laboratory study designs.Continue Reading FDA Issues Final Guidance on Demonstrating Effectiveness of Anthelmintics in Dogs

June 27, 2024, Covington Alert

Per- and poly-fluoroalkyl substances (PFAS)—sometimes referred to as “forever chemicals”—have garnered significant attention in recent years, becoming a focus of government regulation and a deluge of civil litigation targeting a wide array of industries. As with any developing area of risk, it is critical that companies assess what insurance coverage they have for PFAS-related risks; allegations of PFAS exposure can trigger decades of potentially available insurance coverage. Policyholders across industries are taking steps to assess their exposure to PFAS liability and to evaluate the insurance coverage that may respond to any PFAS-related claims.

Recent Developments

The science concerning the human health and environmental effects of PFAS has progressed significantly over the last two decades. For example, in 2024, environmental and other regulators took significant action on PFAS:

  • In February, the Food and Drug Administration announced a voluntary ban on PFAS-containing food packaging, such as takeout containers, microwave popcorn bags, and fast-food wrappers, in the U.S.
  • In April, the Environmental Protection Agency set its first regulatory limits on six types of PFAS in drinking water. The EPA also designated two types of PFAS as CERCLA hazardous substances, paving the way for future contribution actions under environmental cost-recovery statutes.

Continue Reading Navigating PFAS Liability: Emerging Regulations, Litigation Risks, and Insurance Coverage Strategies

A recent decision by the Armed Services Board of Contract Appeals found the Navy liable to a commercial crane manufacturer for delay damages. In Konecranes Nuclear Equip. & Servs., LLC, ASBCA No. 62797, 2024 WL 2698011 (May 7, 2024), the Board reiterated the age-old lesson—you have to read the contract—and provided guidance about how to calculate the delay damages. Beyond that, the Board found apparent inspiration for part of its holding in an unlikely source: a classic song by the Rolling Stones.Continue Reading You Can’t Always Get What You Want: ASBCA Channels Rolling Stones and Awards Contractor $4.9 Million in Delay Damages

With three months left until the end of this year’s legislative session, the California Legislature has been considering a flurry of bills regarding artificial intelligence (AI). Notable bills, described further below, impose requirements on developers and deployers of generative AI systems. The bills contain varying definitions of AI and generative AI systems. Each of these bills has been passed by one legislative chamber, but remains under consideration in the other chamber.

Legislation Regulating AI Developers

Two bills would require generative AI systems to make AI-generated content easily identifiable.

  • SB 942 would require generative AI systems that average 1 million monthly visitors or users to provide an “AI detection tool” that would verify whether content was generated by the system. It would also require AI-generated content to have a visible and difficult to remove disclosure that the content was generated by AI. A noncompliant system would incur a daily $5,000 fine, although only the Attorney General could file an enforcement action.
  • AB 3211 would require, starting February 1, 2025, that every generative AI system, as defined under the law, place watermarks in AI-generated content. Generative AI systems would need to develop associated decoders that would verify whether content was generated by the system. A system available before February 1, 2025 could only remain available if the provider of the system created a decoder with 99% accuracy or published research that the system is incapable of producing inauthentic content. A system used in a conversational setting (e.g., chatbots) would need to clearly disclose that it generates synthetic content. Additionally, vulnerabilities in the system would need to be reported to the Department of Technology. The Department of Technology would have administrative enforcement authority to impose penalties up to the greater of $1 million or 5% of the violator’s annual global revenue.

Two additional bills would limit or require disclosure of information about data sources used to train AI models.

  • AB 2013 would require, beginning in January 1, 2026, that the developer of any AI model post on their website information regarding the data used to train the model. This would include: the source or owner of the data; the number of samples in the data; whether the data is protected by copyright, trademark, or patent; and whether there is personal information or aggregate commercial information in the data, as defined in the California Consumer Privacy Act (CCPA). AI models developed solely to ensure security and integrity would be exempt from this requirement.
  • AB 2877 would prohibit using personal information, as defined in the CCPA, of individuals under 16 years old to train an AI model without affirmative consent. The individual’s parent would need to give affirmative consent for individuals under 13 years old. Even with consent, the developer would need to deidentify and aggregate the data before using it to train an AI model.

Legislators also are considering preemptively regulating AI that is more advanced than systems currently in existence. SB 1047 would create a new Frontier Model Division to regulate AI models trained on a system that can perform 1026 integer operations per second (IOPS) or floating-point operations per second (FLOPS). The legislature emphasized this would not regulate any technology currently in existence. The bill would also require operators of a cluster of computers that can perform 1020 IOPS or FLOPS to establish certain policies around customer use of the cluster.Continue Reading California Legislature Advances Several AI-Related Bills

June 18, 2024, Covington Alert

On June 12, 2024, the U.S. Department of the Treasury, Office of Foreign Assets Control (“OFAC”) and the U.S. Commerce Department, Bureau of Industry and Security (“BIS”) issued additional measures to counter Russia’s continued aggression in Ukraine. The measures, announced in advance of the G7 summit in Italy last week, are intended to “continue to drive up costs for the Russian war machine.”

The actions taken by OFAC and BIS include new prohibitions on providing certain information technology- and software-related services to persons located in Russia, establishing additional sanctions designed to target the Russian financial infrastructure, strengthening secondary sanctions that can be applied to non-U.S. persons (including in particular non-U.S. financial institutions), and expanding export controls restrictions on items destined for Russia and Belarus (including with respect to certain types of software). Along with the new rules, OFAC designated for property-blocking sanctions more than 300 individuals and entities (including parties identified for sanctions by the U.S. State Department), while BIS used its authority to make additions to the Entity List, issue Temporary Denial Orders, and notify U.S. distributors of additional restrictions on shipments to parties known to be supplying items to Russia. Significantly, BIS altered its Entity List rules to permit certain address-only designations to the Entity List and, among other designations, added to the Entity List eight addresses in Hong Kong with a high diversion risk. Exports, reexports, or transfers of certain items subject to the Export Administration Regulations (“EAR”) to purchasers, intermediate or ultimate consignees, and end ­users who use those addresses generally will require authorization from BIS.

Separately, on June 13, 2024, the UK Government imposed a new round of asset-freezing sanctions on a number of notable Russian entities. The European Union is also considering a 14th package of sanctions measures relating to Russia, although as of this writing the EU has not yet enacted the new package.

New U.S. Sanctions

Prohibition on Certain Information Technology and Software Services

As part of the joint actions, OFAC issued a determination pursuant to the authority of Executive Order 14071 (the “IT and Software Services Determination”) that prohibits the exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a U.S. person, wherever located, of (i) information technology (“IT”) consultancy and design services, and (ii) IT support services and cloud-based services for enterprise management software and design and manufacturing software (collectively, “Covered Software”) to any person located in the Russian Federation, unless licensed or otherwise authorized by OFAC. The IT and Software Services Determination is effective beginning at 12:01 eastern daylight time on September 12, 2024. “U.S. persons” include U.S. legal entities and their non-U.S. branches; U.S. citizens and lawful permanent residents, no matter where located or employed; and persons present in the United States.Continue Reading U.S. Government Issues New U.S. Sanctions and Export Controls Targeting Russia and Belarus for Continued Aggression Against Ukraine; Update on European Sanctions Developments