Data Revolution: How U.S. Privacy Laws Change the Way Data Should be Managed by Retail and Tech Industries
How and when to get consent for cross-device tracking has been a worry for many companies subject to GDPR and similar regimes. The French data protection authority, CNIL, adopted recommendations about this practice in 2020,...more
The California Consumer Privacy Act (CCPA) Regulations got a New Year update, with amendments effective on January 1, 2026. Think of these changes as a front-door refresh—strengthening key points to the privacy program—rather...more
Key point: In this post: (1) “Broken banner” claims proceed past pleading stage; (2) Courts continue to reject arguments that pen registers are limited to telephones but hope remains; (3) Offering movie trailers on websites...more
The past year was a busy one for privacy litigation: Website tracking litigation gained momentum. Plaintiffs repurposed legacy wiretap and video privacy statutes to target pixels, chat bots, and other AI-enabled user tools....more
The European Commission has published its regulatory proposal for the EU Digital Omnibus, a package of amendments seeking to streamline EU rules on data protection, artificial intelligence and digital regulation in an effort...more
Do you really need cookie consents to be incorporated into your mobile applications? New enforcement of the CCPA by California attorney general involving mobile game developer emphasizes the need to honor the right to Opt-Out...more
On November 19, 2025, the European Commission published two "Digital Omnibus" proposals as part of a wider Digital Package: (i) a Digital Legislation Omnibus that amends and consolidates large parts of the European Union's...more
The publication of the EU Digital Omnibus Proposal (“Omnibus”) on 19 November set out a two-part package of simplifications to its data protection rulebook. Pitched as a means to reduce regulatory friction and foster...more
Over the last several years, plaintiffs’ attorneys and other individuals have used antiquated wiretapping laws, including California’s 1967 wiretapping act, to allege that businesses with websites utilizing third parties and...more
The Dutch Data Protection Authority recently updated its cookie banner guidance. This comes after the agency, the Autoriteit Persoonsgegevens (or AP), promoted a goal earlier this year to monitor 500 websites a year to ensure...more
On 19 November 2025, the EC released a proposal for the Digital Omnibus regulation, which is a set of suggested changes to the EU rules that govern the digital sector....more
On 19 November 2025, the European Commission published two proposed regulations as part of its Digital Package on Simplification: the Digital Omnibus and the Digital Omnibus on AI....more
New enforcement sweep on cookie banners, conducted by Netherlands privacy regulator, shows both EU and US companies that the need to prioritize website tracking hygiene and transparency. In Europe: Netherlands privacy...more
On Friday, October 17, 2025, U.S. District Court Judge Vince Chhabria issued a biting Order granting defendant Eating Recovery Center, LLC’s (“ERC”) motion for summary judgment on the plaintiff Jane Doe’s California Invasion...more
In this post: (1) Courts find cookie banners and sign-in banners place users on notice of privacy policy; (2) but policy must explicitly notify users of practice to establish consent; (3) Courts disagree whether disclosure of...more
Unbeknownst to you, your school may be collecting and sharing digital information with third parties, and savvy plaintiff’s lawyers are using this to bring wiretapping lawsuits. Most schools are surprised to learn that by...more
As discussed in Part One of our Privacy Under Fire series, tools such as disclosures and cookie banners can no longer be treated as boilerplate. Recent lawsuits against high-profile companies show how these policies are being...more
California, Colorado, and Connecticut have launched a coordinated investigation targeting businesses that fail to honor Global Privacy Control (GPC) signals, which are browser-level settings allowing consumers to opt out of...more
Recent enforcement actions and announcements from the California Privacy Protection Agency (CPPA) and state Attorneys-General (AGs) in California, Colorado and Connecticut, and a California bill that passed the state...more
No more “checking the box.” Privacy policies should no longer be boilerplate for organizations that handle consumer data. Although the policies may be viewed by some organizations as an unimportant “box to check,” they are...more
While website privacy notices are now commonplace – and consumers might only skim them – a recent settlement highlights the importance of staying vigilant about complying with applicable consumer privacy laws. The Connecticut...more
In April of this year, the California Privacy Protection Agency imposed a $632,500.00 monetary penalty on American Honda Motor Co. In our discussion of that action - Are Cookies Banners Crumbling? – we raised the alarm for...more
Healthline Media has agreed to pay $1.55 million to resolve allegations that it violated the California Consumer Privacy Act (CCPA) – which is the largest settlement to date under the state’s landmark privacy law. The...more
In a recent decision, the U.S. District Court for the Northern District of California has construed the private right of action provision under the California Consumer Privacy Act (CCPA) broadly, which increases business risk...more
On April 16, data privacy law regulators in seven states announced the creation of the Consortium of Privacy Regulators, a bipartisan group of state regulators seeking to “share expertise and resources, as well as coordinate...more