Data Dive

On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under the settlement, Sephora must pay $1.2 million and commit to comply with the CCPA and relevant provisions of the California Privacy Rights Act (CPRA) when they become operative on January 1, 2023. This is the first public enforcement action by the AG under the CCPA.

The UK government is clearly keen to attract artificial intelligence (AI) developers to the UK by promising a regulatory environment that will nurture development and innovation. In its recently published Policy Paper, the UK government presented early proposals for what the UK’s regulatory framework in respect of AI might look like (the “Framework”). This follows the National Artificial Intelligence Strategy, which was published in September 2021 and specified AI regulation as a priority for the UK government. Whilst these early proposals are very high level, we set out the key points of interest in this post.

The European Parliament has reached agreement on the text of the Digital Services Act (DSA). The DSA is new legislation that will require certain providers of online services to comply with new obligations in order to ensure online safety and to prevent the spread of illegal content. The practical effects of the legislation will likely include increased compliance costs for businesses, possible organisational/personnel changes at a compliance level and increased accountability to relevant authorities.