New enforcement sweep on cookie banners, conducted by the Netherlands privacy regulator, shows both EU and US companies the need to prioritize website tracking hygiene and transparency.
In Europe:
Netherlands privacy...more
11/11/2025
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Consumer Protection Laws ,
Cookie Banners ,
Cookies ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-In ,
Opt-Outs ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Transparency ,
Web Tracking
The Attorneys General of Connecticut, California and New York reached a $5.1 million settlement with Illuminate Education for failing to implement proper information security measures to protect data of students that it was...more
11/10/2025
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
School Districts ,
Settlement ,
State Attorneys General ,
State Privacy Laws ,
Students
New bill, proposed by Bill Cassidy (R-LA), Chair of the Senate Health, Education, Labor and Pensions Committee (HELP), purports to apply the privacy and security practices under the HITECH Act, to entities that process non...more
11/10/2025
/ Business Associates ,
Consumer Privacy Rights ,
Covered Entities ,
Data Breach ,
Data Privacy ,
Data Security ,
Digital Health ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
HITECH Act ,
Mobile Health Apps ,
New Legislation ,
Notice Requirements ,
PHI ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements
The Philippines’ National Privacy Commission (NPC) has directed Tools for Humanity (Worldcoin) to stop processing biometric data, emphasizing that biometric information is not a commodity for trade....more
10/24/2025
/ Biometric Information ,
Consent ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement Actions ,
Privacy Laws ,
Regulatory Requirements ,
Sensitive Personal Information ,
State Privacy Laws
A Bavarian court held that a store’s private security guard lawfully used a body-worn camera under Article 6(1)(f) GDPR to protect property, maintain order, and ensure staff safety, in a decision that provides actionable...more
10/23/2025
/ Biometric Information ,
Cameras ,
Consent ,
Data Privacy ,
Data Protection ,
Data Retention ,
Disclosure Requirements ,
General Data Protection Regulation (GDPR) ,
Notice Requirements ,
Privacy Laws ,
Retailers ,
State Privacy Laws ,
Transparency
The U.S. Department of Justice’s Sensitive Data Bulk Transfer Rule is in effect. That includes, as of Oct. 6, 2025, the requirements on due diligence and compliance.
What does this mean?...more
10/16/2025
/ Audits ,
Compliance ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Transfers ,
Department of Justice (DOJ) ,
Due Diligence ,
Personal Data ,
Regulatory Requirements ,
Risk Management ,
Sensitive Personal Information
The California Privacy Protection Agency (CPPA) recently issued a $1.35 million fine against a California business for privacy law violations. It also issued a detailed multi-year compliance plan....more
10/8/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cookies ,
Data Privacy ,
Enforcement Actions ,
Fines ,
Opt-Outs ,
Privacy Laws ,
Privacy Policy ,
Regulatory Requirements ,
State Privacy Laws ,
Web Tracking
The European Data Protection Supervisor (EDPS) recently issued a TechDispatch on Automated Decision Making.
Here is what you need to know:...more
10/1/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Compliance ,
Data Privacy ,
Data Protection ,
EDPS ,
EU ,
General Data Protection Regulation (GDPR) ,
Regulatory Oversight ,
Risk Management ,
Transparency
The European Data Protection Supervisor (EDPS) recently issued a TechDispatch on Automated Decision Making.
Here is what you need to know:
Part 1: 12 Myths About Automated Decision-Making (ADM) Systems-...more
9/29/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Bias ,
Data Privacy ,
Data Protection ,
Ethics ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Privacy-By-Design ,
Regulatory Oversight ,
Risk Management ,
Transparency
The California Privacy Protection Agency recently published materials in advance of its upcoming discussion of the Delete Act Regulations, which regulate the centralized data broker Delete Request and Opt-out Platform (the...more
California may soon regulate the use of high-risk automated decision systems (ADS) by California employers. The state’s legislature recently sent SB-7 to Governor Gavin Newsom.
What do you need to know?...more
9/16/2025
/ Automated Decision Systems (ADS) ,
California ,
Disclosure Requirements ,
Employee Rights ,
Employer Responsibilities ,
Hiring & Firing ,
New Legislation ,
Notice Requirements ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
State Labor Laws ,
State Privacy Laws
What should you know about recent FTC enforcement actions announced over the last few days?
In short, privacy enforcement is a “go.”
Here are some takeaways....more
9/8/2025
/ Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
COPPA ,
Data Collection ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Geolocation ,
Location Data ,
Online Safety for Children ,
Privacy Laws ,
Regulatory Requirements ,
Sensitive Personal Information
When using biometrics in advertising, consent is not enough.
IAB Canada, a trade association for Canada’s interactive marketing and advertising industry, recently issued a policy paper on using biometrics in digital...more
9/2/2025
/ Advertising ,
Biometric Information ,
Canada ,
Consent ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Federal Trade Commission (FTC) ,
Privacy Laws ,
Regulatory Requirements ,
Risk Assessment ,
Sensitive Personal Information ,
State Privacy Laws
The FTC has issued FAQs for Gramm-Leach-Bliley Act (GLBA) Safeguards Rule compliance by Motor Vehicle Dealers.
Here is what you need to know:
Step 1: Are you a financial institution?
• You are if you either finance (or...more
8/21/2025
/ Automotive Industry ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
GLBA Privacy ,
Gramm-Leach-Bliley Act ,
Information Security ,
Motor Vehicles ,
New Guidance ,
Privacy Rule ,
Regulatory Requirements ,
Safeguards Rule ,
Third-Party Risk
The annual review and update (if necessary) of privacy notices just got an upgrade to a “must do.”
This provision, found in the California Consumer Privacy Act from the beginning, requires companies to assess their data...more
8/11/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
Enforcement Actions ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
If you use a bot powered by artificial intelligence to interact with consumers, you need to disclose it.
A new law in Maine that goes into effect in September 2025 requires businesses to notify consumers in a clear and...more
Many U.S. states have recently added provisions regarding “minors” that greatly exceed what is required under the Children’s Online Privacy Protection Act (COPPA). In short, the new laws generally apply to people under 18,...more
7/31/2025
/ Advertising ,
Compliance ,
Consumer Protection Laws ,
COPPA ,
Data Privacy ,
Minors ,
New Legislation ,
Online Safety for Children ,
Personal Data ,
Personal Information ,
State Attorneys General ,
State Privacy Laws ,
Websites
Employers are increasingly monitoring and filtering the web browsing habits of employees.
The Commission Nationale de l’Informatique et des Libertés (CNIL) recently released new guidance (for public comment) on how...more
7/28/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
CNIL ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Disclosure Requirements ,
Employee Rights ,
Employees ,
EU ,
Personal Data ,
Websites
America’s AI Action Plan is out, and it has three pillars: innovation, infrastructure, and international diplomacy and security.
This is different from the (now rescinded) AI Blueprint Executive Order issued by President...more
7/25/2025
/ AI Act ,
Algorithms ,
Artificial Intelligence ,
Bias ,
Biden Administration ,
Cybersecurity ,
Data Security ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Innovation ,
National Security ,
Regulatory Reform
Connecticut Attorney General William Tong recently announced his office’s first enforcement action for violations of the Connecticut Data Privacy Act. “This law has now been in effect for two years,” Tong said in a...more
7/11/2025
/ Attorney General ,
Compliance ,
Connecticut ,
Consumer Privacy Rights ,
Data Privacy ,
Disclosure Requirements ,
Enforcement Actions ,
Fines ,
Penalties ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
New Jersey recently released draft privacy regulations, and there is a lot to unpack and process.
In this three-part series, I will break down the regulations -
Part 1: The New Personal data:
• Scraping is carved...more
6/27/2025
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Retention ,
New Jersey ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Proposed Rules ,
State Privacy Laws
The Attorneys General of California, Connecticut, Delaware, New Jersey, Oregon and Vermont wrote a letter on June 23, 2025, to Senate Majority Leader John Thune and Senate Minority Leader Chuck Schumer, objecting to a proposed AI...more
6/25/2025
/ Algorithms ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Enforcement Actions ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Reform ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws ,
Technology Sector
Vermont recently adopted the Vermont Age-Appropriate Design Code Act, which goes into effect on January 1, 2027. The law is enforceable by the Vermont Attorney General as an unfair or deceptive act or practice. The Attorney...more
6/18/2025
/ Algorithms ,
Biometric Information ,
Data Collection ,
Data Privacy ,
Data Sellers ,
Duty of Care ,
Minors ,
New Legislation ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Transparency ,
Unfair or Deceptive Trade Practices ,
Vermont
Following the Federal Trade Commission’s decision in December 2023 to ban Rite Aid from using AI facial recognition, it has become crystal clear that U.S. regulators expect a risk assessment when a retailer uses facial...more
Businesses should expect to see “increased enforcement” from the California Privacy Protection Agency now that the agency has had four years to staff up and implement rules, the CPPA’s executive director said in an interview...more
6/9/2025
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement ,
Enforcement Actions ,
Enforcement Priorities ,
New Regulations ,
Personal Information ,
Privacy Laws ,
State Privacy Laws