Beyond the human toll of the current global health crisis, the coronavirus outbreak is having serious economic repercussions to the global economy and the supply chains on which it depends. Dun & Bradstreet reported, “at least 51,000 (163 Fortune 1000) companies around the world have one or more direct or Tier 1 suppliers in the impacted regions, and at least five million companies (938 Fortune 1000) around the world have one or more Tier 2 suppliers in the impacted region.” Factory closings, transportation restrictions and general concerns about a potential pandemic are causing shortages of critical supplies and employees, and are testing the bounds and obligations of various contracts entered into between vendors and customers.

As a result of this disruption, many businesses are assessing their contracts to understand the extent of their rights, remedies and obligations with respect to their business partners. Suppliers of goods and services unable to deliver on contractual obligations are looking to see what provisions, if any, may protect them from a default. And in turn, recipients encountering delays from suppliers unable to deliver goods and services in a timely manner (or at all) are also looking to their agreements to see what rights, obligations, and remedies they may have in these circumstances.

Epic Games, Inc. (“Epic”) is the publisher of the popular online multiplayer videogame Fortnite, released in 2017. In recent years, Fortnight has gained worldwide popularity with gamers and esports followers (culminating in July 2019 when a sixteen-year-old player won the $3 million prize for winning the Fortnite World Cup).  Players, in one version of the game, are dropped onto a virtual landscape and compete in a battle royale to survive.  In the real world, Epic recently survived its own encounter – not with the help of scavenged weapons or shield potions – but through its well-drafted end user license agreement (“EULA” or “terms”).

Earlier this month, the District Court for the Eastern District of North Carolina granted Epic’s motion to compel individual arbitration of the claims of a putative class action.  The action arose in connection with a cyber vulnerability that allowed hackers to breach user accounts. The court concluded that the arbitration provision contained in the EULA was enforceable in this case, even where a minor was the person who ultimately assented to the terms. (Heidbreder v. Epic Games, Inc., No. 19-348 (E.D.N.C. Feb. 3, 2020)).   

In 2018, Congress passed the Foreign Investment Risk Review Modernization Act (FIRRMA) to modernize the Committee on Foreign Investment in the United States (CFIUS). CFIUS is chaired by the Secretary of the Treasury and is empowered to review certain transactions involving foreign investment in the U.S.

Last week, Democratic Senators Ron Wyden and Sherrod Brown and Congresswoman Anna Eshoo sent a letter to FTC Chairman Joseph J. Simons urging the agency to investigate whether analytics firm Envestnet, Inc. (which operates Yodlee) was violating the FTC Act.

According to the letter, Yodlee is the largest consumer financial data aggregator in the United States.  It aggregates financial information from banks, credit card companies and other financial services providers with consumer consent, and maintains a database of credit and debit card transactions of tens of millions of consumers. The letter asserts that Yodlee is used by over 1,200 companies to offer online personal finance tools to consumers.  Yodlee offers its software and platform to fintech providers, banks, financial apps, consumers and others to help process financial data from various sources.

The crux of the letter claims that Envestnet sells access to such consumer data without meaningful notice to consumers of such sale.  The members of Congress reject Envestment’s position that consumer privacy is protected because the data it sells is anonymized, and claim that Envestnet does not inform consumers that their personal financial data is being sold, but rather relies on its partners to make such disclosures in privacy policies or terms of service. The letter asserts that this is not sufficient, as Envestnet does not appear to take any steps to ensure that its partners give such notice, and even if they did, such practices place the burden on consumers to find such a notice “buried in small print” and then search for a way to opt out of such data sharing.

On January 7, 2019, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced its 2020 examination priorities. In doing so, OCIE identified certain areas of technology-related concern, and in particular, on the issue of alternative data and cybersecurity. [For a more detailed review of OCIE’s

On January 7, 2019, the federal Office of Management and Budget (OMB) released a draft of a memorandum setting forth guidance to assist federal agencies in developing regulatory and non-regulatory approaches regarding artificial intelligence (AI).  This draft guidance will be available for public comment for sixty days, after which it will be finalized and issued to federal agencies.

According to the draft, the guidance was developed with the intent to reduce barriers to innovation while also balancing privacy and security concerns and respect for IP. The proposed guidance features ten principles to guide regulatory approaches to AI applications.  In addition, in what may be a boon for those in the private sector developing AI infrastructure, the OMB reinforces the objective of making federal data and models generally available to the private sector for non-federal use in developing AI systems.

Initial responses to the proposed guidance has been mixed, and it remains to be seen how the principles in the guidance (when finalized) will be put in practice. Notably, however, those who intend to invest significant resources in AI-based infrastructure should be aware of what may prove to be the emerging blueprint for AI regulation in the near future.