The collection of data from websites at great scale – so-called data scraping – is the foundation for ChatGPT and most other Generative AI (GenAI) tools. Much of the previous discussion on the regulation of GenAI has focused on the US and EU and not so much on more technical aspects like data scraping. In response, this article focuses on the regulation of data scraping to build and deploy GenAI in China, and reviews applicable regulation and case law. We find that the sectoral approach to AI regulation in China provides important insights into balancing technological progress and societal values, diverging from the laissez-faire attitude in the US and the horizontal approach with the AI Act in the EU.

For years now, we have been advising clients to be cautious about including overly broad, or overly detailed, statements in their online privacy policies, noting that the FTC has in the past interpreted such statements as being representations to the market – such that false or misleading statements made therein could constitute misrepresentations. This article proves the background to the SEC complaint (I.); provides a overview of the SEC complaint’s critique of the online security statement published by SolarWinds, and the security disclosures in the securities filings of SolarWinds (II.); outlines the challenges posed by the SEC approach in the SEC complaint and the resulting blowback, in particular from chief information security officers (III.); highlights three key lessons learned from the SEC complaint (IV.); and concludes (V.) with a warning as to what this means for organizations publishing online security statements.