Last year, in an important decision for companies that routinely face false advertising claims, the Ninth Circuit held that when “a front label is ambiguous, the ambiguity can be resolved by reference to the back label.”  McGinity v. Procter & Gamble Co., 69 F.4th 1093, 1099 (9th Cir. 2023).  The Ninth Circuit recently further clarified when reference to the back label is appropriate.  See Whiteside v. Kimberly Clark Corp., 108 F.4th 771 (9th Cir. 2024).

On September 28, California’s governor signed a number of bills into law, including to regulate health care facilities’ use of artificial intelligence (“AI”).  This included AB 3030, which regulates certain California-licensed health care facilities’ use of AI and SB 1223, which amends the California Consumer Privacy Act (CCPA) to cover “neural data.”  We discuss each bill in turn below.

AB 3030

On September 25, the Federal Trade Commission (FTC) announced that it brought five actions against companies it accused of using “artificial intelligence as a way to supercharge deceptive or unfair conduct that harms consumers.”  These actions, which the FTC indicated are part of its new enforcement sweep called “Operation AI Comply,” reflect the FTC’s repeatedly stated intention to exercise its authority under the FTC Act and other rules in connection with AI-related products and marketing claims. 

The five actions rely on a range of FTC authorities and target several different forms of conduct. 

  • DoNotPay: The FTC brought an action against DoNotPay, which purports to offer automated legal services, on the theory that it violated the FTC Act by making false claims that its product could substitute for the expertise of a human lawyer.  A proposed settlement would require DoNotPay to pay $193,000, provide notices to past subscribers, and avoid making claims about its ability to substitute AI for professional expertise without proper evidence.

Executive Summary

  • Nation-wide elections for mayors and city councilors will likely impact Brazil’s national politics, its federal government, and the upcoming elections for the Speaker of the House and President of the Senate – all of them relevant for investors.
  • The local elections will be seen as a referendum on President Luiz Inácio Lula da Silva’s policies, as well as a test of the opposition’s strength, including former President Jair Bolsonaro’s current political standing.
  • The outcome of these elections might impact the Lula administration’s policy trajectory, the strength of the pro-business majority in Brazil’s National Congress, and the functioning of federal regulatory agencies in 11 key economic sectors.

Analysis

On October 6, Brazil will hold its nation-wide elections for mayors and city councilors.  All 5,569 Brazilian cities will elect the head of the local executive branch, as well as all city council members for a four-year term.

While this electoral cycle focuses on local issues, and mayors and city councilors have a limited policy impact on businesses, the local elections will likely have a significant impact on national politics, the federal government, and the upcoming elections for the Speaker of the House of Deputies and the President of the Federal Senate – all of them relevant to investors.

Impact on federal government

Election watchers will be looking at the performance of the main political groups based on three indicators: the total number of mayors and city councilors they elect; wins in the 27 state capitals; and wins in the so-called “G103”, the 103 cities with a population of more than 200,000.

If the election results in a larger number of mayors and city councilors formally supported by President Luiz Inácio Lula da Silva, this will likely be seen as voters’ endorsement of his policies.  While voters might not focus on specific policies – including, among other aspects, a lax fiscal policy, increased taxation, and state capitalism-type measures – individual perceptions on cost of living and economic prosperity tend to play a role in voting decisions.  In this scenario, the Lula administration will likely continue its current policy trajectory.  However, if the total number of mayors and city councilors supported by the president is equal to or lower than the existing number, the result will probably be seen as a rebuke of the Lula administration and might result in pressure to change current policies.

The UK Government has announced that it intends to introduce the Cyber Security and Resilience Bill (the “Bill”) to Parliament in 2025. Formally proposed as part of the King’s Speech in July, this Bill is intended to strengthen the UK’s cross-sectoral cyber security legislation to better protect the UK’s economy and infrastructure. This Bill will update the existing NIS Regulations, which derive from EU law. Part of the UK Government’s motivation seems to be to keep pace with updates to EU law in this area, specifically relating to the NIS2 Directive that starts to apply this month (see our blog post on this, here).

On September 26, 2024, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS OCR”) announced that it had settled its cybersecurity investigation with Cascade Eye and Skin Centers, P.C. (“Cascade”), a privately-owned health care provider in Washington.  For background, HHS OCR is responsible for administering and enforcing the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations, which include the HIPAA Privacy, Security, and Breach Notification Rules (collectively, “HIPAA”).  Among other things, HIPAA requires that regulated entities take steps to protect the privacy and security of patients’ protected health information (“PHI”).

Updated October 1, 2024.  Originally posted September 19, 2024.

Last month, far-reaching proposals to regulate sports betting were introduced in the U.S. Senate and the House of Representatives by Senator Richard Blumenthal and Representative Paul Tonko which mark “the first comprehensive legislation that would address the public health implications inherent in the widespread legalization of sports betting.”  The bills, called the Supporting Affordability and Fairness with Every Bet (SAFE Bet) Act, would establish a broad federal scheme imposed on State gambling authorities to limit sports betting advertising, address problem gambling, and focus on other “public safety” measures. 

The SAFE Bet Act would establish a general nationwide prohibition on sports betting with an exception for States that receive approval from the Department of Justice (DOJ) to operate a sports betting program consistent with the requirements of the proposed legislation.  DOJ approval of a State’s application would be valid for three years and would be renewable.  To receive approval, a State would have to show that it meets minimum federal standards related to sports betting advertising, controls on customer deposits, general consumer-protection requirements, and the use of artificial intelligence (AI) by sports betting operators.  The following is a high-level summary of the key standards.

Those of us who advise on medicines advertising issues have been waiting for much of 2024 for the Association of the British Pharmaceutical Industry (“ABPI”) together with its self-regulatory body for pharmaceutical advertising, the Prescription Medicines Code of Practice Authority (“PMCPA”), to publish the new Code of Practice for the Pharmaceutical Industry (“ABPI Code”).  On 23 September 2024, the suspense finally lifted, with the publication of the ABPI Code 2024 (available here).  The 2024 ABPI Code replaces the previous version from 2021. 

The new ABPI Code incorporates an updated PMCPA Constitution and Procedure, which sets out the procedure for adjudicating upon advertising complaints.

The ABPI initially proposed, and consulted upon, updates to the ABPI Code from December 2023 to February 2024 (please see our previous blog post discussing these proposals here).  The 2024 ABPI Code includes most of the changes that were proposed and consulted upon, usually with only minor changes to wording.  The PMCPA has issued summaries of the changes to the Code and Constitution, which can be found here and here.

The main headline is that the new ABPI Code is very similar to its predecessor.  The consultation received over 3,000 comments, with many commentators calling for more extensive changes than those proposed.  The ABPI appears to have resisted these calls, preferring evolution over revolution.

The changes take effect on 1 October 2024.  However, a transitional period will operate from 1 October 2024 to 31 December 2024, during which time no material or activity will be regarded as breaching the ABPI Code if it fails to comply with the new requirements of the 2024 version.  The 2024 ABPI Code will come into full force on 1 January 2025.  Notably, though, the PMCPA will begin operating in accordance with the new Constitution and Procedure from 1 October 2024, including the legalistic elements and abridged complaints procedure discussed below.

Of the (relatively few) changes, what should legal and compliance teams take note of?

The new PMCPA Constitution and Procedure makes changes to the process for investigating and adjudicating upon advertising complaints.  These changes aim to enhance the flexibility and efficiency of the complaints process.  They include: (i) powers for the PMCPA to issue case management directions; and (ii) a new abridged complaints procedure that could apply in certain cases.  The changes will likely result in a more legalistic feel to PMCPA proceedings.  If the PMCPA notifies a company of a complaint, it may be beneficial to involve legal teams early in the process.

By contrast, changes to a company’s compliance obligations under the new ABPI Code are relatively modest.  The updates are generally clarificatory in nature.  Some changes essentially consolidate and codify into the Code principles that already exist in guidance and previous PMCPA cases.  An example of this is how companies fulfill their obligation to maintain high standards.  There is now more detail on this point in the Code, pulling together concepts from various cases. 

There are also new rules permitting the use of QR codes to provide access to prescribing information in certain cases.

Now that the EU Artificial Intelligence Act (“AI Act”) has entered into force, the EU institutions are turning their attention to the proposal for a directive on adapting non-contractual civil liability rules to artificial intelligence (the so-called “AI Liability Directive”).  Although the EU Parliament and the Council informally agreed on the text of the proposal in December 2023 (see our previous blog posts here and here), the text of the proposal is expected to change based on a complementary impact assessment published by the European Parliamentary Research Service on September 19.

What are the key take-aways of the mission letter to Teresa Ribera Rodríguez, EVP-designate responsible for EU competition policy?

On 17 September 2024, European Commission (“Commission”) President Ursula von der Leyen (“President”), announced her proposed College of Commissioners (“College”) for her second 5-year term. The Commissioners-designate still need to