Photo of Lothar Determann

On October 30, 2023, President Biden issued a 63-page Executive Order to define the trajectory of artificial intelligence adoption, governance and usage within the United States government. The Executive Order outlines eight guiding principles and priorities for US federal agencies to adhere to as they adopt, govern and use AI. While safety and security are predictably high on the list, so too is a desire to make America a leader in the AI industry including AI development by the federal government. While executive orders are not a statute or regulation and do not require confirmation by Congress, they are binding and can have the force of law, usually based on existing statutory powers.

Instruction to Federal Agencies and Impact on Non-Governmental Entities

The Order directs a majority of federal agencies to address AI’s specific implications for their sectors, setting varied timelines ranging from 30 to 365 days for each applicable agency to implement specific requirements set forth in the Order.

The actions required of the federal agencies will impact non-government entities in a number of ways, because agencies will seek to impose contractual obligations to implement provisions of the Order or invoke statutory powers under the Defense Production Act for the national defense and the protection of critical infrastructure, including: (i) introducing reporting and other obligations for technology providers (both foundational model providers and IaaS providers); (ii) adding requirements for entities that work with the federal government in a contracting capacity; and (iii) influencing overall AI policy development.Continue Reading Biden’s Wide-Ranging Executive Order on Artificial Intelligence Sets Stage For Regulation, Investment, Oversight and Accountability

With special thanks to Danielle Benecke and Ben Allgrove for their contributions.

Baker McKenzie recently hosted industry leaders from Anthropic, Google Cloud and OpenAI in Palo Alto to discuss how in-house legal counsel can best reckon with the transformative power of GenAI.

Baker McKenzie partners joined the panel, sharing insights from their vantage point

In first-of-its-kind legislation, under SB 54, California will require venture capital companies to collect and report diversity data from portfolio company founders as soon as March 1, 2025. The new Fair Investment Practices by Investment Advisers law intends to increase transparency regarding the diversity of founding teams receiving venture funds from covered entities

Special thanks to our Baker McKenzie speakers Danielle Benecke and Ben Allgrove, and Industry Experts Ashley Pantuliano, Associate General Counsel, OpenAI, Julian Tsisin, Global Legal & Compliance Technology, Meta, Janel Thamkul, Deputy General Counsel, Anthropic, and Suneil Thomas, Managing Counsel, Google Cloud AI.

Baker McKenzie is pleased to invite you to an

Today, California Attorney General Bonta announced an “investigative sweep” through inquiry letters sent to California employers. In the letters, information on California Consumer Privacy Act (CCPA) compliance is requested specifically with respect to the personal information of employees and job applicants.

The Attorney General noted “we are sending inquiry letters to learn how employers are

Since July 1, 2023, the California Privacy Protection Agency has the power to bring administrative enforcement actions under the California Consumer Privacy Act (CCPA) (see our post on California Privacy Law Action Items for Employers).

While a June 30, 2023 ruling by the Sacramento County Superior Court stays enforcement of the March 29, 2023

The new year always brings new challenges for employers, but California employers in particular face a world of change in 2023.

In our 75-minute “quick hits” format, we help you track what California employers need to keep top-of-mind for 2023 and provide practical takeaways to help you navigate the new landscape.

This webinar helps to

In less than two months, on January 1, 2023, the California Consumer Privacy Act (CCPA) as revised by the California Privacy Rights Act (CPRA) will take effect fully in the job applicant and employment context.

And with respect to job applicants and personnel, businesses subject to the CCPA will be required to (i) issue further revised privacy notices, (ii) be ready to respond to data subject requests, (iii) have determined if they sell or share for cross context behavioral advertising personal information about them, and (iv) have determined if they use or disclose sensitive personal information about them outside of specific purposes. If employers sell, share for cross-context behavioral advertising, or use or disclose sensitive personal information outside of limited purposes, numerous additional compliance obligations apply. See also our related previous post: Employers Must Prepare Now for New California Employee Privacy Rights.

Here are some key recommendations on what employers should do now:

1. Review contracts with parties to whom you disclose personal information about applicants and personnel. The CCPA prescribes certain types of clauses that have to appear in agreements between parties exchanging personal information, and you will have to include certain data processing clauses if you do not want to be considered to be “selling” (which the CCPA defines to mean disclosing in exchange for monetary or valuable consideration) or “sharing” (which the CCPA defines to mean disclosing for the purposes of cross-context behavioral advertising) personal information and offer related opt-out processes. It is not practical for employers to offer opt-out rights in most scenarios, due to the CCPA’s non -discrimination requirements. The CCPA regulations, which are currently being revised by the California Privacy Protection Agency (latest draft as of this publication is available here), include additional requirements. Businesses should continue to update such contracts with parties it discloses personal information to.

2. Prepare/revise notices at collection and include HR data in your online CCPA Privacy Policy. At collection notices in the employment context have been required under the CCPA since 2020, but new specific disclosure requirements apply from January 1, 2023. Your comprehensive online CCPA privacy policy will also have to reflect your processing of HR data. You should consider updating/preparing a privacy notice at collection that is specific to the CCPA and separate from any privacy notice you might use to address privacy laws in other jurisdictions, since California laws establish increasingly unique requirements and use unique terms that may be difficult to reconcile with those of other jurisdictions (from January 1, 2023, businesses must use specific terms from the CCPA to describe categories of personal information in all notices at collection). At the same time, you have to be mindful of setting or negating privacy expectations. If you issue privacy notices to job applicants and personnel that merely address CCPA disclosure requirements, the recipients of such notices may develop privacy expectations that could later hinder you in conducting investigations or deploying monitoring technologies intended to protect data security, co-workers, trade secrets and compliance objectives.Continue Reading California Privacy Law Action Items for Employers