State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
The American Privacy Right Act (APRA) explained
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
Navigating State Privacy Laws
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Embracing Data Privacy to Drive Business Growth: On Record PR
Unauthorized Access Returns With "Get to Know Joe" — Unauthorized Access Podcast
Brazil's AI Legislation
Episode 293 -- Catching Up with California and Other State Privacy Laws
Website Privacy Litigation
Recent Developments in California Privacy Laws - The Consumer Finance Podcast
A new wave of state consumer privacy laws focused on limiting data collection is creating anxiety among businesses—and Maryland is leading the charge. The Maryland Online Data Privacy Act (MODPA), set to take effect in...more
Last May, Colorado Governor Jared Polis signed into law amendments to the Colorado Privacy Act ("CPA") that impose new obligations governing the collection, processing, retention, and disclosure of Coloradans' biometrics. The...more
Montana recently revised its Genetic Information Privacy Act to address neural data. The law went into effect in 2023, and applies to both entities that offer genetic testing services as well as entities that use genetic...more
On Monday, May 19, 2025, President Donald Trump signed the “Take It Down Act” into law. The Act, which unanimously passed the Senate and cleared the House in a 409-2 vote, criminalizes the distribution of intimate images of...more
In today’s data-driven sports industry, teams, leagues and sponsors increasingly rely on biometric and performance data to enhance player performance, prevent injuries and optimize contract negotiations. Such data collection...more
Financial institutions that use code-based tracking technologies may soon find themselves facing increased scrutiny and legal exposure as the next wave of class action litigation begins. On December 19, 2024, a member of...more
On April 24 2025, the French supervisory authority (CNIL) issued a draft recommendation to address challenges in collecting user consent for cookies and trackers across multiple devices (the Draft Recommendation). The new...more
Governance, risk, and compliance (GRC) can feel like thankless work at times. You can’t ship risk mitigation to market. It's not usually reflected on your balance sheet. Only especially canny investors notice the absence of...more
On April 28, 2025, Congress passed the “TAKE IT DOWN Act.” In addition to criminalizing intentional publication of non-consensual intimate imagery, including computer-generated intimate imagery (collectively, NCII), the bill...more
Keypoint: In this post: (1) The Ninth Circuit holds essentially any website can be sued in California; (2) two courts limit pen registry claims; (3) courts split on whether privacy policies establish consent for wiretapping...more
Just as we’re getting ready to pick out our cowboy boots and bolo ties for Beyoncé’s Cowboy Carter Tour, the Federal Trade Commission (FTC or Commission) published its long-awaited finalized amendments (Final Rule) to the...more
In Shah v. Capital One Financial Corporation, the Northern District of California handed down a ruling that may shape the trajectory of litigation involving tracking technologies, online privacy policies, and California’s...more
De nombreuses entreprises de services financiers sont tenues en vertu de lois et de règlements de vérifier l’identité de leurs clients. Il existe des outils technologiques novateurs qui simplifient le processus de...more
On April 7, 2025, Arkansas passed the Arkansas Children and Teens’ Online Privacy Protection Act (HB 1717) - a state law modeled closely after the federal Children and Teens’ Online Privacy Protection Act (widely referred to...more
On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed into law the Arkansas Children and Teens’ Online Privacy Protection Act (Act), which will become effective on July 1, 2026. It draws inspiration from the...more
The 1:10:100 rule—coined in 1992 by George Labovitz and Yu Sang Chang, the rule describes how much bad data costs. Preventing the creation of bad data at its source costs $1. Remediating bad data costs $10. Doing nothing...more
Businesses need to remain vigilant regarding recent developments in consumer-based data privacy class actions. In recent weeks, the plaintiff class action bar has filed several lawsuits against The Trade Desk Inc. related to...more
Video game developer Ubisoft, Inc. came out on top earlier this month in the Northern District of California when a judge dismissed, with prejudice, a class action claiming that the company’s use of third-party website pixels...more
When browsing the internet, consumers are accustomed to being presented with advertisements for products for which they previously had searched. Through use of third-party tracking tools, companies are able to monitor visitor...more
In late March, an online retailer successfully asserted consent as a complete defense to a putative Pennsylvania Wiretapping and Electronic Surveillance Control Act of 1978 (WESCA) class action lawsuit, resulting in the...more
In honour of the International Association of Privacy Professionals (IAPP) London 2025 conference , we hosted a webinar on European privacy litigation. This post summarises some of the key UK privacy cases we covered in that...more
On March 27, 2025, a class action lawsuit was filed against the education technology (EdTech) company Instructure, the parent company of Canvas, a popular learning management system. The complaint alleges that Instructure...more
Two recent decisions by Québec’s data protection authority, the Commission d’accès à l’information (the “CAI”), should serve as cautionary tales for any business contemplating the deployment of biometric information...more
The French Data Protection Authority launches a public consultation on location data of connected vehicles, until May 20, 2025. This work will shape future regulations regarding the use of location data and its impact on...more
The California Invasion of Privacy Act continues to be a focal point for privacy litigation, particularly concerning website tracking practices. A recent case, Gabrielli v. Insider Inc. sheds new light on whether collecting...more