Episode 14 is now live. In this episode of Consumer Counterpoint, we sit down with Chicago partner Jay Carle to discuss the launch of Seyfarth’s new D.A.T.A. Law practice group. Jay shares insights into the group’s multidisciplinary approach and how it’s designed to help clients stay ahead of emerging data and technology challenges.
Safeguarding Sensitive Government Information: Why the Cybersecurity Maturity Model Certification (CMMC) Matters for the Global Defense Innovation Ecosystem
Over the past decade, a vibrant defense‑innovation ecosystem has emerged across the U.S. and Europe, powered by venture‑backed defense tech startups, dual‑use technology companies, and commercial‑first innovators entering national‑security markets. As these companies begin collaborating with defense agencies, they encounter compliance obligations for handling sensitive government information. For those seeking to enter the US national security innovation sector, the center of attention remains on safeguarding Controlled Unclassified Information (CUI).
While the recently codified Cybersecurity Maturity Model Certification (CMMC) addresses more than CUI, its principal aim is to remediate inconsistent compliance with the implementation of the NIST SP 800-171 controls required to safeguard CUI in the Defense Federal Acquisition Supplement (DFARS). Whether or not a company sees itself as a “defense contractor,” understanding CUI and CMMC is rapidly becoming essential for participating in this expanding global ecosystem.
Against that backdrop, this post outlines CUI’s role within CMMC, identifies the primary sources of the underlying safeguarding obligations, and explains how CMMC operationalizes verification of those requirements, especially at Level 2.
Continue Reading Safeguarding Sensitive Government Information: Why the Cybersecurity Maturity Model Certification (CMMC) Matters for the Global Defense Innovation EcosystemThe AI-Driven Evolution of Robotics
Introduction
Robotics and artificial intelligence are converging at an unprecedented pace. As robotics systems increasingly integrate AI-driven decision-making, businesses are unlocking new efficiencies and capabilities across industries from manufacturing and logistics to healthcare and real estate.
Yet this convergence introduces complex legal and regulatory challenges. Companies deploying AI-enabled robotics must navigate issues related to data privacy, intellectual property, workplace safety, liability, and compliance with emerging AI governance frameworks.
The Shift: Robotics as an AI Subset
Traditionally, robotics was viewed as a standalone discipline focused on mechanical automation. Today, robotics is increasingly powered by machine learning algorithms, natural language processing, and predictive analytics—hallmarks of AI technology.
This evolution raises critical questions for legal teams:
- Who owns the data generated by AI-enabled robots?
- How do we allocate liability when autonomous systems make decisions without human intervention?
- What contractual safeguards should be in place when outsourcing robotics solutions to third-party vendors?
As robotics increasingly incorporates AI functionality, traditional contract structures for hardware procurement and service agreements require significant updates. This evolution introduces new risk categories that must be addressed through precise drafting and negotiation.
Continue Reading The AI-Driven Evolution of Robotics“Untenable.” Federal California District Court Calls for Legislative Action on CIPA
On Friday, October 17, 2025, U.S. District Court Judge Vince Chhabria issued a biting Order granting defendant Eating Recovery Center, LLC’s (“ERC”) motion for summary judgment on the plaintiff Jane Doe’s California Invasion of Privacy Act (CIPA) claims, a law enacted in 1967 to address the increasing use of wiretapping to eavesdrop on private phone
California Privacy Protection Agency (CPPA) Finally Voted to Adopt Much Debated Update to CCPA Regulations: What Your Business Should Know
On July 24, 2025, the California Privacy Protection Agency (“CPPA”) unanimously voted to adopt a package of Proposed Regulations for the California Consumer Privacy Act (“CCPA”), marking a significant development in California privacy law. These cover Automated Decision-making Technology (“ADMT”), mandatory Cybersecurity Audits, Risk Assessments, and clarifications for the CCPA’s applicability to Insurance Companies. The package will move into its final review stage before formal enactment, once filed with the California Office of Administrative Law.
CCPA Steering Toward Operational Compliance
This is a clear signal that privacy compliance expectations in California are trending toward a more operational phase. The new rules are designed to give Californians greater control over how their personal information is used while pushing businesses toward higher levels of transparency and accountability, especially when automated decision-making and high-risk data processing is involved. For companies, this is more than just a theoretical update – it’s a clarion call to ensure these requirements are built into day-to-day governance, technology and process design, and vendor management practices.
Continue Reading California Privacy Protection Agency (CPPA) Finally Voted to Adopt Much Debated Update to CCPA Regulations: What Your Business Should KnowTracking Users’ Web Browsing Activity Does Not Constitute Illegal Wiretapping under Massachusetts Law
Seyfarth Synopsis: In a significant decision for website operators, the Massachusetts Supreme Judicial Court clarified that tracking users’ web activity does not constitute illegal wiretapping under the state’s Wiretap Act. The court found that person-to-website interactions fall outside the Act’s scope, which focuses on person-to-person communications. However, the court emphasized that other privacy laws could still apply to such tracking practices. This ruling may influence how similar cases proceed nationwide and signals to the Massachusetts legislature that any broader restrictions on web tracking require explicit statutory action.
Continue Reading Tracking Users’ Web Browsing Activity Does Not Constitute Illegal Wiretapping under Massachusetts LawUpcoming Event! Seyfarth Privacy Salon: Roundtable on Cross-Border Data Transfers, Privacy, and Cybersecurity
In recent years, privacy and cybersecurity consistently hit the top of legal leaders’ lists of their biggest concerns. In fact, a recent Association of Corporate Counsel Chief Legal Officers Survey found that, when rating a list of items on their importance to the business, CLOs placed cybersecurity, regulation and compliance issues, and data privacy as the top three most critical issues for the business.
Continue Reading Upcoming Event! Seyfarth Privacy Salon: Roundtable on Cross-Border Data Transfers, Privacy, and Cybersecurity
Upcoming Webinar! Data Protection and Cybersecurity: Safeguarding Trade Secrets in the Digital Age
In today’s ever-evolving and interconnected world, trade secret protection demands proactive measures against both technological vulnerabilities and human threats. Join us for the fourth installment of our 2024 Trade Secrets Webinar Series, where our panel of seasoned trade secrets and cybersecurity attorneys will equip you with practical strategies to bolster your defenses.
Continue Reading Upcoming Webinar! Data Protection and Cybersecurity: Safeguarding Trade Secrets in the Digital Age
Buckle Up: How Privacy Policy And Antitrust Enforcement Could Affect Automakers In 2023
In a January 11, 2023 op-ed published in the Wall Street Journal, President Joe Biden urged “Democrats and Republicans to come together to pass strong bipartisan legislation to hold Big Tech accountable.” He warned that the “risks Big Tech poses for ordinary Americans are clear. Big Tech companies collect huge amounts of data” about
The EU Digital Services Act: Overview and Impact
On 16 November 2022, EU Regulation 2022/2065, better known as the Digital Services Act (“DSA”), came into force. The DSA is a key development in the use of online services in the European Union (“EU”), with an impact on online services as significant as the one which the General Data Protection Regulation (“GDPR”) had upon the collection, use, transfer, and storage of data originating in the EU on 25 May 2018.
Ambit
The DSA sets out rules and obligations for digital services providers that act as intermediaries in their role of connecting consumers with goods, services, and content.
Its goal is to regulate and control the dissemination of illegal or harmful content online, provide more consumer protection in online marketplaces, and to introduce safeguards for internet users and users of digital services. It also introduces new obligations for major online platforms and search engines to prevent such platforms being abused.
Continue Reading The EU Digital Services Act: Overview and Impact