James O'Reilly is a Cybersecurity and Privacy Fellow in the firm’s Chicago office.

In the second post in our series on new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely “any form of automated processing of personal information” to analyze or predict people’s work performance, health, and personal preferences, among other things.
Continue Reading California’s Privacy Regulator Had a Busy November, Automated Decisionmaking Edition: What Does It Mean for Businesses?

The California Privacy Protection Agency released proposed CCPA rules for a variety of topics in November, and announced an investigative sweep for compliance with the Delete Act. Topics include the following, which we cover in this week’s California-focused blog posts:
Continue Reading California’s Privacy Regulator Had a Busy November: What Does It Mean for Businesses?

UPDATED: The FTC announced May 9, 2025 that it will defer enforcement of the rule until July 14, 2025.

The FTC updated its Negative Option Rule last month and gave it a new name to emphasize the expanded scope of programs to which it applies. It will now be the “Rule Concerning Recurring Subscriptions and Other Negative Option Programs.” The updated rule, as the FTC outlines, will now be applicable to nearly all forms of negative option marketing.
Continue Reading Click! FTC Updates Its Negative Option Rule

The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments on the draft.
Continue Reading How Legitimate Is Your Business Interest? The EDPB Has Some Thoughts

Regulation of children’s use of social media has continued to be a space in motion over the past few months. There have been developments at the state level as well as with the FTC, and there is no sign of slowing down. In this article we give a roundup of some recent developments worth keeping in mind.
Continue Reading #StatusUpdate on Social Media, Apps, and Children’s Privacy

The New York Department of Financial Services has modified its cybersecurity requirements for regulated entities. These requirements are in addition to those included in the regulations as last updated in November of last year. The new requirements go into effect November 1, 2024. They modify several parts of the rule, including:
Continue Reading Amendments to NYDFS’ Cybersecurity Regulations Take Effect November 1

The FTC’s staff report summarizes how it views the operations of social media and video streaming companies. Of particular interest is the insight it gives into potential enforcement focus in the coming months, and into 2025. Of particular concern for the FTC in the report, issued last month, were the following:
Continue Reading FTC Social Media Staff Report Suggests Enforcement Direction and Expectations