How and when to get consent for cross-device tracking has been a worry for many companies subject to GDPR and similar regimes. The French data protection authority, CNIL, adopted recommendations about this practice in 2020,...more
1/29/2026
/ CNIL ,
Consent ,
Cookie Banners ,
Cookies ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
France ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Privacy Laws ,
Web Tracking
New changes are on the horizon for GDPR enforcement across the European Union. At the very end of 2025, the EU adopted a regulation intended to address procedures around GDPR enforcement (Regulation (EU) 2025/2518). The...more
1/29/2026
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
New Regulations ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Requirements
CalPrivacy followed up on its threat from last year to focus on data brokers. This month it settled with Rickenbacher Data LLC for failure to register as a data broker. The company is a Texas-based company that operates as...more
1/26/2026
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Penalties ,
Personal Information ,
Privacy Laws ,
Registration Requirement ,
Regulatory Requirements ,
State Privacy Laws
Indiana, Kentucky, and Rhode Island rang in the new year with their comprehensive privacy laws taking effect on January 1, 2026. Almost half of US states now have these fairly similar laws in place. Nuances exist from...more
For those operating in the European Union, the list of digital technology laws is becoming daunting. Compliance with GDPR to the AI Act — with stops along the way for the ePrivacy Directive and many more – is a significant...more
A new lawsuit filed by the Texas Attorney General against Roblox has brought privacy, safety, and data handling into the spotlight for online platforms, especially those used by kids and teens. The allegations followed...more
12/12/2025
/ Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Enforcement Actions ,
Online Platforms ,
Online Safety for Children ,
Parental Consent ,
Personal Information ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws ,
Texas ,
Unfair or Deceptive Trade Practices
The Dutch Data Protection Authority recently updated its cookie banner guidance. This comes after the agency, the Autoriteit Persoonsgegevens (or AP), promoted a goal earlier this year to monitor 500 websites a year to ensure...more
12/5/2025
/ Consent ,
Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Personal Information ,
Regulatory Requirements ,
Third-Party ,
Web Tracking
A recent settlement with an education service provider and three states – California, Connecticut, and New York – serves as a reminder to deactivate the credentials of departed employees. The case arose following a data...more
12/4/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Information Security ,
Insider Breach ,
Passwords ,
Popular ,
Regulatory Requirements ,
School Districts ,
Sensitive Personal Information ,
Settlement ,
State Attorneys General ,
State Privacy Laws ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
The European Data Protection Supervisor (EDPS) AI guidance for EU institutions has lessons for businesses. This includes when inputting personal information into these tools. The recommendations from the guidance fall into...more
The Southern District of California recently reminded companies that it has concerns about steps to take to make online terms binding. The case arose from a putative class action over alleged false pricing practices brought...more
12/1/2025
/ Arbitration Agreements ,
Binding Arbitration ,
Browsewrap Agreement ,
California ,
Clickwrap Agreements ,
Consent ,
Contract Drafting ,
Contract Formation ,
Dispute Resolution Clauses ,
Mandatory Arbitration Clauses ,
Online Contracts ,
Terms and Conditions ,
Terms of Use ,
Unenforceable Contract Terms
The Consortium of Privacy Regulators is growing. Meanwhile, CalPrivacy has announced a new program, a data broker “strike force.”
Minnesota and New Hampshire have joined with Colorado, Connecticut, Delaware, Indiana, New...more
11/25/2025
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Privacy Laws ,
Regulatory Oversight ,
State and Local Government ,
State Privacy Laws
California has set what may be an emerging trend with AB 45, restricting collection and use of personal information collected near family planning facilities. The law was signed recently by h Governor Newsom and is set to go...more
11/21/2025
/ California ,
Data Collection ,
Data Protection ,
Geolocation ,
Location Data ,
New Legislation ,
Personal Information ,
Privacy Laws ,
Reproductive Healthcare Issues ,
Sensitive Personal Information ,
State Privacy Laws
If you thought social media needed a warning label, many state regulators agree. California recently passed a new warning label law, which will take effect on January 1, 2027. That is, unless it is challenged. Meanwhile,...more
11/20/2025
/ California ,
Colorado ,
Constitutional Challenges ,
First Amendment ,
Minors ,
New Legislation ,
Online Safety for Children ,
Regulatory Requirements ,
Social Media ,
State Legislatures ,
State Privacy Laws ,
Telecommunications ,
Warning Labels
Italy became the first EU country to enact a comprehensive national AI law when its AI law (Law No. 132/2025) took effect last month. The law is intended to work with the existing EU AI Act, but with more details and specific...more
11/19/2025
/ AI Act ,
Artificial Intelligence ,
Deep Fake ,
Enforcement Actions ,
EU ,
Government Agencies ,
Healthcare ,
Investment ,
Italy ,
New Legislation ,
Penalties ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
California is getting serious about age checks online, and businesses should pay attention. Thanks to the passage of AB 1043, starting January 1, 2027, software makers and app stores will need to know the user’s age (or at...more
11/18/2025
/ App Developers ,
California ,
California Consumer Privacy Act (CCPA) ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection ,
Minors ,
Mobile Apps ,
New Legislation ,
Online Safety for Children ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Telecommunications
California recently passed an amendment accelerating how quickly businesses must notify following a data breach. Previously, the requirement was to notify affected individuals “without unreasonable delay.” Beginning January...more
Companies are become increasingly concerned about being viewed as “selling” personal data. In the midst of these worries, California’s governor signed SB 361, which will change the California Delete Act starting January 1,...more
10/24/2025
/ California ,
California Privacy Protection Agency (CPPA) ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Regulatory Requirements ,
State Privacy Laws
A thorny issue for companies has been how to handle data derived from personal information. Is it still personal information? Do privacy laws apply? The EU Court of Justice of grappled with this issue in a September decision....more
We are in the final quarter of the year, which is typically budgeting and planning for many issues, including -hopefully!- data incident preparedness. Is your organization able to take advantage of one of the growing number...more
For those keeping track of the growing list of US state “comprehensive” privacy laws, you know that the Maryland law (the Maryland Online Data Privacy Act or MODPA) went into effect on October 1st. This rounds us out for US...more
10/13/2025
/ Consumer Privacy Rights ,
Cure Periods ,
Data Collection ,
Data Privacy ,
Data Storage ,
Data Subject Access Requests ,
New Legislation ,
Notice Requirements ,
Privacy Policy ,
Regulatory Requirements ,
State Privacy Laws
Companies can take many lessons from the FTC’s recent COPPA settlement with a robot app from the toy manufacturer Apitor Technologies. According to the FTC complaint, the app allegedly allowed a Chinese entity to collect and...more
The CPPA scratched another task off the to-do list last month when it officially adopted proposed regulations under CCPA. These rules focus on three major areas: automated decision-making technology, risk assessments, and...more
Can we take any insights from Connecticut’s first settlement under the state’s Data Privacy Act, reached with TicketNetwork, an online ticket marketplace? The AG concerns mirrored priorities outlined in Connecticut’s 2025...more
Connecticut has revised its privacy law for the third time since it was passed in 2022. With SB 1295, the state has mirrored others (like Colorado and Montana) in making ongoing changes to its law. Many of the changes...more
Texas is getting into the AI action, with a new law (the Texas Responsible Artificial Intelligence Governance Act) that will place restrictions not only on AI use by government agencies, but businesses as well. In particular,...more
7/17/2025
/ Artificial Intelligence ,
Biometric Information ,
Business Entities ,
Compliance ,
Data Privacy ,
Healthcare ,
New Legislation ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Technology ,
Technology Sector ,
Texas