EDPB Opinion on AI Models and GDPR Principles: Key Takeaways
In December 2024, the European Data Protection Board (EDPB) issued an Opinion in response to a request from the Irish supervisory authority, focusing on the application of GDPR principles in the context of AI models. The Irish supervisory authority posed three specific questions: When and how can an AI model be considered “anonymous”? What is the appropriateness of legitimate interest as a legal basis for AI deployment and development? What are the consequences of unlawful processing of p...
Hoyoverse, developer of Genshin Impact, to pay $20 million to settle FTC complaint
On January 17, the Federal Trade Commission (FTC) announced a proposed settlement with Cognosphere Pte. Ltd and its subsidiary Cognosphere, LLC, doing business as Hoyoverse, developer of gacha video games such as Genshin Impact and Zenless Zone Zero, over allegations that Hoyoverse’s loot boxes and children’s data collection practices violated various federal laws. What is a gacha video game? Generally, a “gacha” video game is one that can be downloaded and played for free but is monetized by...
Texas sues Allstate, continuing Lone Star’s focus on vehicle data regulation
Update: On Jan. 29, 2025, it was reported that on Jan. 12, 2025, Texas sent Kia America, Inc., a notice of their alleged violations of the Texas Data Privacy and Security Act. Kia has 30 days to cure the alleged violations. Everything is bigger in Texas, including data privacy enforcement. On January 13, 2025, Texas continued its recent regulatory focus on vehicular and geolocation data by initiating a lawsuit against Allstate and its subsidiary, Arity, alleging the companies violated numerous...
Metaverse Law in Orange County Lawyer Magazine
The January 2025 edition of Orange County Lawyer magazine features an article written by Metaverse Law's Lily Li. Read "AI and Machine Learning in Drug Development and Clinical Trials" below or in Orange County Lawyer magazine. [Originally published as a Feature Article: AI and Machine Learning in Drug Development and Clinical Trials, by Lily Li, in Orange County Lawyer Magazine, January 2025, Vol. 67 No.1, page 28.] AI and Machine Learning in Drug Development and Clinical Trials by...
HHS releases proposed rule to modify HIPAA Security Rule requirements
On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), announced a proposed rule that would modify the security requirements imposed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The proposed rule, if adopted, would modify the HIPAA Security Rule to require covered entities and their business associates to implement more stringent cybersecurity safeguards and measures to protect electro...
Upcoming Webinar: The EU AI Act: How Will It Affect Your Business?
On Thursday, December 12, 2024 at 11am ET, DataCamp will host a live webinar titled "The EU AI Act: How Will It Affect Your Business?" The speakers are Dan Nechita, Lead Technical Negotiator for the EU AI Act on behalf of the European Parliament, and Lily Li, Data Privacy, Cybersecurity & AI Lawyer and Founder of Metaverse Law. They will cover AI governance and risk management requirements under the EU AI Act and new US AI law. Attendees will: Learn about the scope and requirements of th...
CCPA Board Meeting: Key Takeaways from November 8, 2024
In a vote of 4-1, the California Privacy Protection Agency (CPPA) has decided to move forward with rulemaking of its draft regulations concerning AI, cyber audits, profiling and risk assessments, despite complaints of regulatory overreach. On Friday, November 8, the CCPA held a public meeting to discuss proposed updates to the California Consumer Privacy Act (CCPA) regulations. The hybrid meeting included public comments from a broad range of stakeholders – nearly 45 public comments...
Cybersecurity Laws for the Fintech Industry
In our modern digital landscape, the intersection of cybersecurity, finance and tech has become a focal point for regulators. With the rise of fintech, insurtech, personal financial management, alternative investments, and complex financial APIs, legal frameworks are evolving to keep pace. Below are five notable cybersecurity legal updates within the financial sector, impacting financial institutions, fintech companies, and their service providers both domestically and abroad: ...






