Put AI to Work
April 15-18, 2019
New York, NY

Executive Briefing: The regulatory road ahead—How to navigate the legal trends driving AI in 2019

Anna Gressel (Debevoise & Plimpton LLP), Jim Pastore (Debevoise & Plimpton LLP), Anwesa Paul (American Express)
2:40pm3:20pm Wednesday, April 17, 2019
Secondary topics:  AI in the Enterprise, Ethics, Privacy, and Security
Average rating: *****
(5.00, 2 ratings)

Who is this presentation for?

  • C-level decision makers, general counsels, directors, privacy officers, and anyone else who wants to learn more about key legal trends applicable to AI



What you'll learn

  • Understand how key provisions in the GDPR and California Consumer Privacy Act apply to AI and machine learning
  • Gain insights into how the GDPR has been enforced since it took effect on May 25, 2018
  • Explore how current US laws and regulations apply to AI, and what regulatory trends are expected in 2019
  • Learn how plaintiffs and government agencies have been challenging uses of AI in US courts
  • Understand what companies can do today to mitigate legal and regulatory risks


What rights do consumers have under the GDPR and US laws to challenge decisions reached by algorithms? Does GDPR provide a broad “right to an explanation” for AI technologies? And will the US government succeed in arguing that Facebook violated US federal and state antidiscrimination laws through its targeted job and housing advertisements? These are critical questions about how laws and regulations apply to AI; these legal frameworks are in their early stages, and it has never been more important for companies to understand and mitigate the regulatory risks related to AI and machine learning.

Anna Gressel, Jim Pastore, and Anwesa Paul lead a crash course on the emerging legal and regulatory frameworks governing AI, including GDPR and the California Consumer Privacy Act. They also explore key lawsuits challenging AI in US courts and unpack the implications for companies going forward, helping you evaluate and mitigate legal and regulatory risks and position your AI products for success.

Topics include:

  • How key provisions in the GDPR and California Consumer Privacy Act apply to AI and, in particular, to algorithmic decision making and profiling
  • Trends in enforcement actions since the GDPR took effect on May 25, 2018
  • The US laws and regulations that apply to AI and machine learning (in the absence of national US legislation governing AI)
  • The lawsuits that have been brought in the US challenging the use of algorithms or machine learning and the issues that are likely to be litigated going forward
  • Concrete actions companies can take now to mitigate legal and regulatory risks
Photo of Anna Gressel

Anna Gressel

Debevoise & Plimpton LLP

Anna R. Gressel is a litigation associate at Debevoise & Plimpton LLP, where she’s a member of the firm’s Technology, Media, and Telecommunications Group. Her practice focuses on complex civil litigation, corporate governance, and intellectual property, and she actively advises on issues related to emerging technologies. She also maintains a pro bono practice that includes federal civil rights litigation and indigent criminal defense. Anna is the coauthor of “Storm Clouds or Silver Linings? Assessing the Impact of the US CLOUD Act on Cross-Border Criminal Investigations” with Frederick T. Davis, “Key Insights from the New York AI in Finance Summit,” “Report of the Investigation,” and “Do the Apps Have Ears? Cross-Device Tracking” with Jeremy Feigelson. She’s a member of the Bar of New York and is also admitted to practice before the US Courts of Appeals for the Second and Third Circuits and the US District Courts for the Southern and Eastern Districts of New York. Anna is a member of the Harvard Law School Women’s Alliance, the Federal Bar Council, and the Association of the Bar of the City of New York. She holds a JD from Harvard Law School, where she twice served as teaching assistant for the school’s flagship Negotiation Workshop course and the Harvard Negotiation Institute’s executive education programs. She also holds a BA from Pomona College and was the recipient of a Fulbright Research Fellowship to Morocco.

Photo of Jim Pastore

Jim Pastore

Debevoise & Plimpton LLP

Jim Pastore is a litigation partner at Debevoise & Plimpton LLP and a member of the firm’s Cybersecurity and Data Privacy practice and Intellectual Property Litigation Group. Jim has assisted a broad range of clients in cybersecurity and data privacy matters, including the Home Depot (in connection with its 2014 data breach), PayPal (in connection with a 2017 data security incident at its subsidiary, TIO Networks), American Express, KKR, and the NBA, among others. He’s been recognized by the Legal 500 for both his intellectual property and cybersecurity and data privacy work; by Chambers USA 2018 as a leading lawyer for privacy and data security; and by the National Law Journal as a cybersecurity trailblazer. He has also twice been named to Cybersecurity Docket’s “Incident Response 30,” to Benchmark Litigation’s “Under 40 Hot List,” and as a "rising star” by Law360 for his cybersecurity work. Previously, he was an assistant United States attorney in the Criminal Division of the Southern District of New York, where he was assigned to the Complex Frauds Unit and the Computer Hacking and Intellectual Property Section. He successfully litigated eight jury trials to verdict and was the lead prosecutor in United States v. Monsegur, a.k.a. “Sabu,” and Operation Cardshop, both of which were named to the FBI’s top 10 cases of 2012. He also led Operation Dirty RAT, which targeted the creators and users of Blackshades ransom and malware, resulting in the largest ever worldwide law enforcement action against cybercriminals. In connection with the so-called “doomsday virus,” he obtained a unique order to prevent catastrophic Internet outage. Before that, he was an associate at Debevoise, working on a variety of high-profile intellectual property matters, including the well-publicized Google books copyright litigation.

Jim is routinely sought out as a speaker on cybersecurity and data privacy and has been invited to present to the Department of Justice’s National Cyber Security Division and its National Advocacy Center, Georgetown Law’s Cybersecurity Law Institute, the FBI-led International Conference on Cyber Security, the annual meeting of the Association of Life Insurance Counsel (ALIC), and the Fiduciary and Investment Risk Management Association (FIRMA)’s National Risk Management Training Conference, as well as to the boards of multiple public companies. His publications include “Cybersecurity: Evaluating Transactional Risk,” “A Closer Look,” “New York State Department of Financial Services Expands Its Cyber Focus to Insurers,” and “Debevoise & Plimpton on Cybersecurity: Reducing Threats to Private Equity Firms and Their Portfolio Companies." He holds a JD, with distinction, from Stanford Law School, where he served as copresident of the Stanford Law & Technology Association and was a member of the Stanford Technology Law Review. He holds a BA, summa cum laude and Phi Beta Kappa, from the University of Notre Dame, where he was a Notre Dame Scholar, the recipient of the James E. Robinson Award for outstanding senior English major, and one of 40 class members of the Honors Program of the College of Arts & Letters.

Photo of Anwesa Paul

Anwesa Paul

American Express

Anwesa Paul is chief global privacy counsel at American Express, where she advises all parts of the business with legal questions relating to US and Canadian financial privacy laws, marketing privacy laws, online and mobile privacy self-regulatory guidelines, big data governance, and big data breaches. Previously, Anwesa was in-house counsel at online advertising technology startups Kinetic Social and Epic Media Group and worked in the privacy space at the New York State Attorney General’s Office Internet Bureau, handling consumer protection issues related to online marketing.