Berry Picks in IT Law #56

Well, it’s my favourite month of the year, and we’re already halfway through it. The first half of July delivered yet another avalanche of AI developments. Privacy lawyers may wish to look away for a few scrolls.

Berry Picks

👩‍⚖️ A federal judge in Mississippi ⁠sanctioned four lawyers after both parties submitted briefs containing AI-generated hallucinated case citations. The court found that the lead attorneys had relied on generative AI without verifying the authorities it produced, while local counsel signed the filings without reviewing them, breaching their duties under Rule 11. Two attorneys had their pro hac vice admissions revoked, were barred from practising before the court for two years and fined, while the local counsel were disqualified from the case and also sanctioned. The judgment reinforces a principle that is rapidly becoming settled across US courts: using AI is not misconduct, but failing to verify its output certainly is. As the court memorably observed, AI may generate the words, but “sincerity, truth and responsibility” remain the lawyer’s responsibility.

📒 A European Commission report on implementing the AI Act’s transparency obligations concludes that no single technical solution can reliably identify AI-generated visual content and instead recommends a layered approach combining cryptographic provenance, invisible watermarking and AI detection. It calls for broader adoption of open standards such as C2PA, continuous monitoring and red-teaming, and further research into more resilient watermarking and real-time AI transparency. The report ultimately argues that effective compliance with Article 50 will depend on combining complementary technical measures with ongoing governance and standardisation, rather than relying on any single technology.

🎩 The Council of the European Union has given its final approval to the Omnibus VII package, formally simplifying parts of the AI Act while postponing the application of the high-risk AI regime until 2 December 2027 for standalone systems and 2 August 2028 for AI embedded in regulated products. At the same time, the amendments introduce a new prohibited AI practice by banning systems that generate non-consensual sexual deepfakes or AI-generated child sexual abuse material, clarify the AI Office’s supervisory powers, and seek to reduce regulatory overlap with sector-specific legislation. Notably, while the high-risk rules have been delayed, the AI Act’s transparency obligations remain on track, with providers now required to implement Article 50 transparency solutions by 2 December 2026, following a shortened three-month grace period.

Berry Picks ft. The Algorithm

A little disclaimer: please bear in mind that the news items below have been summarised by AI, a pinch of salt and all.

🤖 Artificial Intelligence

  • The United Nations has opened its Global Dialogue on AI Governance, with António Guterres warning that technical development is outpacing both scientific understanding and public regulation. A UN expert panel cautioned that unchecked progress could produce catastrophic harms and deepen inequality, while the UN Human Rights Commissioner called for governance centred on human rights, protection against mass surveillance and meaningful public accountability. Reuters | Reuters
  • China’s Interim Measures for Anthropomorphic AI Interaction Services entered into force on 15 July, introducing national rules for AI companions and emotional-interaction services. Providers must detect emotional distress, provide crisis interventions and protect personal data, while remaining legally responsible for failures involving manipulation, deception or unsafe autonomous behaviour. IAPP | IAPP
  • Australia will establish an Office of AI within the Department of the Prime Minister and Cabinet to coordinate standards, investment policy and regulation across government. The reform reflects recognition that reliance on general privacy legislation and a voluntary ethics framework is no longer sufficient for advanced AI systems. Reuters
  • Illinois has enacted the Artificial Intelligence Safety Measures Act, becoming the third US state to regulate frontier models through annual independent safety audits, transparency reporting and catastrophic-risk plans. Anthropic is simultaneously pursuing a state-by-state lobbying strategy for stronger AI safety laws, while current and former OpenAI employees are backing a Super PAC supporting tighter regulation of frontier laboratories. Transparency Coalition | Politico | Wired
  • US states are rapidly developing rules for chatbots, healthcare AI, training-data transparency, synthetic media, digital replicas, worker protection and services used by minors. At least eleven states now regulate conversational AI, generally imposing identity disclosures, safety measures and enhanced safeguards against manipulative or sexualised interactions. Transparency Coalition | Transparency Coalition | IAPP
  • New York has introduced mandatory disclosures for advertisements featuring AI-generated synthetic performers, with escalating penalties for non-compliance. Google will similarly disclose advertisements created or materially altered with AI through its My Ad Center interface, although advertisers using external tools will be expected to self-report. Transparency Coalition | TechCrunch
  • Argentina has proposed recognising “non-human corporations” operated by AI, alongside rules for decentralised autonomous organisations. The proposal nevertheless requires a human administrator and expressly preserves liability for damage caused by AI-run entities, limiting the extent to which artificial systems could operate independently of human legal responsibility. Reuters
  • A California lawsuit alleges that Meta used AI-derived productivity scores and measures of employee “AI token usage” to target workers with disabilities or on medical leave during redundancies. The claim invokes anti-discrimination law and emerging audit requirements, while Meta maintains that the relevant workforce decisions were taken by people rather than automated systems. Reuters | CNBC
  • A California claimant has sued OpenAI alleging that ChatGPT reinforced delusions associated with bipolar disorder and contributed to a suicide attempt. The case raises difficult questions about product design, warnings, foreseeable vulnerability and whether general-purpose conversational systems owe heightened duties to users displaying signs of psychological crisis. Reuters

👾 Blockchain & Crypto-Assets

  • The UK Financial Conduct Authority (FCA) has finalised its long-awaited cryptoasset rulebook, significantly reducing the capital requirement for stablecoin issuers from the previously proposed 2% to 1% of the total value of circulating stablecoins. The framework also introduces clearer prudential, governance and safeguarding obligations for cryptoasset firms, reflecting the FCA’s attempt to balance financial stability with market competitiveness. Reuters

🪁 Children’s Rights

  • The European Commission and the Council have reached political agreement on a new Directive combating child sexual abuse, introducing new criminal offences covering AI-generated child sexual abuse material (CSAM), deepfakes, and livestreamed abuse. In parallel, Member States agreed to reinstate the interim regime permitting online service providers to voluntarily detect, report and remove CSAM pending adoption of permanent legislation. Together, the measures significantly expand the EU’s legal framework for addressing technology-enabled child exploitation. European Commission | Council of the EU
  • A growing number of US states continue to enact AI legislation specifically aimed at protecting children online. Recent measures include New Jersey’s Kids Code Act, Rhode Island’s restrictions on AI chatbots and AI therapy, California’s requirements for human oversight in schools, and a range of new disclosure and deepfake rules under consideration in New York, Hawaii, Michigan and Pennsylvania. The emerging trend demonstrates increasing state-level regulation in the absence of comprehensive federal AI legislation. Transparency Coalition

🎩 Competition

  • Apple has challenged the findings of India’s Competition Commission (CCI), arguing that the regulator largely “copy-pasted” complaints submitted by rival companies rather than conducting an independent investigation into the App Store. The case concerns Apple’s requirement that developers use its proprietary payment system and could result in significant behavioural remedies if the CCI ultimately concludes that Apple abused its dominant position. The proceedings represent India’s latest major competition case against a global digital platform. Reuters
  • Competition issues continue to emerge in the context of digital payment ecosystems. The launch of the Open USD stablecoin by Visa, Mastercard and Coinbase illustrates the increasing convergence between traditional payment networks and cryptoasset infrastructure, raising fresh questions about market concentration, interoperability and competition in digital payments under evolving financial regulation. Reuters
  • The European Commission has approved a €76 million German State aid measure supporting QuantumDiamonds GmbH’s establishment of a first-of-a-kind semiconductor testing facility under the European Chips Act. European Commission

🔐 Cybersecurity

  • The European Commission has proposed comprehensive reforms strengthening Europol and Eurojust’s technological capabilities. Among the most significant initiatives is the creation of an EU Police Shared Data Space to facilitate secure cross-border information exchange, joint digital investigations and cooperation concerning electronic evidence, alongside amendments modernising investigative procedures and evidence gathering across Member States. European Commission
  • Brazil’s telecommunications regulator Anatel has intensified enforcement against illegal broadband providers through “Operation Provedor Legal”, launching administrative proceedings and referring unauthorised operators for possible criminal investigation. The initiative reflects increasing regulatory attention to the resilience and integrity of national communications infrastructure. Convergencia Digital
  • Germany’s independent data protection authority in Schleswig-Holstein has supported new legislation introducing GPS-based electronic monitoring for high-risk domestic violence offenders. The legislation incorporates important privacy safeguards, including strict purpose limitation for victims’ location data and GDPR-compliant consent mechanisms, illustrating how cybersecurity and public safety measures increasingly intersect with data protection requirements. Datenschutz Notizen
  • The UK Information Commissioner’s Office (ICO) has published guidance explaining how data protection law can support, rather than impede, businesses’ crime prevention efforts. The guidance confirms that organisations may lawfully use CCTV, information sharing and other security measures where appropriately justified under data protection law, while emphasising the particularly high threshold applicable to facial recognition technologies. ICO

🔏 Data Protection & Privacy

  • The French data protection authority (CNIL) has published comprehensive guidance on the processing of location data generated by connected vehicles. The recommendations emphasise that such data can reveal highly sensitive aspects of individuals’ private lives and therefore require strict compliance with the principles of necessity, proportionality, transparency and data minimisation. The guidance also addresses multi-user vehicles, user rights and circumstances in which consent is or is not required. CNIL | CNIL
  • CNIL and the French National Gaming Authority (ANJ) have jointly issued guidance explaining how gambling operators should reconcile their obligations under the GDPR with sector-specific duties relating to anti-money laundering, responsible gambling and consumer protection. Among other issues, the guidance discusses the application of Article 22 GDPR to algorithmic systems used to identify vulnerable gamblers, stressing the importance of meaningful human review where significant decisions are made. CNIL
  • Germany’s Independent Data Protection Centre Saarland has clarified that, although employees acting within the scope of their duties are generally not “recipients” for the purposes of Article 15 GDPR, the position changes where an employee accesses personal data without authorisation. In such circumstances, data subjects may be entitled to obtain the employee’s identity together with relevant access logs, reinforcing organisations’ obligations to detect and investigate internal misuse of personal data. Datenschutz Notizen
  • The District Court of Warsaw has awarded PLN 40,000 in non-material damages after a public authority mistakenly disclosed a citizen’s personal data to more than 28,000 public entities. Rejecting the controller’s reliance on an alleged IT system failure, the Court held that the controller remained responsible under Article 82 GDPR for failing to implement adequate safeguards protecting personal data. GDPRhub
  • The Higher Regional Court of Cologne has refused a doctor’s request to erase a transparency notice displayed on an online review platform. The Court accepted that the notice constituted personal data but concluded that it accurately reflected the platform’s moderation practices and that the platform’s legitimate interest in transparency outweighed the doctor’s privacy interests under Article 6(1)(f) GDPR. GDPRhub
  • The District Court of The Hague has reaffirmed that data subjects may use GDPR access requests even where litigation is contemplated. Rejecting arguments that the requests constituted an abuse of rights, the Court ordered online gambling operators to provide complete transaction data, confirming that controllers cannot refuse access merely because the information may subsequently be relied upon in legal proceedings. GDPRhub

🛒 E-Commerce & Digital Consumer

  • The Portuguese Supreme Court has referred Associação Ius Omnibus v Airbnb Ireland UC to the Court of Justice of the European Union, raising questions concerning the interaction between the Rome I Regulation and the E-Commerce Directive. The reference asks whether acceptance of online terms of service constitutes a contract for the purposes of Article 6 Rome I and how mandatory consumer protection rules apply to contracts between consumers and information society service providers. The judgment is expected to have significant implications for cross-border e-commerce and platform contracts throughout the EU. EUR-Lex
  • Brazil’s Attorney General has formally requested YouTube to remove channels promoting illegal gambling platforms, arguing that tutorials explaining how to access or establish unauthorised betting services facilitate unlawful activity. The notice warns that failure to remove the content could expose the platform to civil liability, illustrating the growing willingness of public authorities to impose responsibility on intermediaries for facilitating illegal online commercial activity. Convergencia Digital

👩🏼‍🎨 Intellectual Property

  • The Court of Justice of the European Union has ruled in M.M. Ristorazione (Case C-132/25) that Article 9(5) of the Intellectual Property Rights Enforcement Directive precludes national legislation allowing certain provisional measures to remain in force where the claimant fails to commence proceedings on the merits within the prescribed period. The judgment reinforces the temporary nature of interim IP remedies and limits the possibility of maintaining de facto permanent injunctions without substantive litigation. EUR-Lex

👩‍💻 Legal Tech

  • The US government has requested OpenAI to postpone the full public release of GPT-5.6, allowing access initially only to a limited group of vetted partners while national security assessments are carried out. The development follows a new executive framework encouraging frontier AI developers to provide advanced models to the government for early review before wider deployment. The episode marks a significant step towards an informal pre-deployment oversight regime for frontier AI systems in the United States. Reuters
  • Portugal has launched Amalia, its first open-source large language model, joining wider European efforts to strengthen technological sovereignty in artificial intelligence. Supported through public funding and EU recovery funds, the model is intended to provide public institutions, researchers and businesses with a domestic AI foundation model capable of supporting sector-specific applications while reducing dependence on foreign providers. Reuters
  • Switzerland has modernised its debt enforcement system through legislation introducing electronic service of documents, digital objections, online auctions and a nationwide electronic information infrastructure. The reforms illustrate the continuing digital transformation of judicial administration and civil enforcement procedures. Swissblawg

And that’s a wrap for the first half of July. Pop back in a tick for the remainder. Toodles.

If you have any thoughts or suggestions on how to make this digest more enjoyable, feel free to drop a line. Your feedback is always welcome!

Featured image generated using DALL·E 3.

Sena Kontoğlu Taştan

IT law enthusiast and researcher.

Leave a Reply

Your email address will not be published. Required fields are marked *