Privacy

Subscribe to Privacy via RSS

For those operating in the European Union, the list of digital technology laws is becoming daunting. Compliance with GDPR to the AI Act — with stops along the way for the ePrivacy Directive and many more – is a significant undertaking. To simplify this confusion, the European Commission is proposing modifications to many of its data laws. It released the first attempt of these changes in the Digital Omnibus Regulation ProposalContinue Reading Might We See a Streamlining of EU Digital Compliance?

A new lawsuit filed by the Texas Attorney General against Roblox has brought privacy, safety, and data handling into the spotlight for online platforms, especially those used by kids and teens. The allegations followed concerns raised by advocacy groups in 2024 and suggest that Texas will continue to be active in the privacy space.Continue Reading Texas Sets Sights on Roblox

The Dutch Data Protection Authority recently updated its cookie banner guidance. This comes after the agency, the Autoriteit Persoonsgegevens (or AP), promoted a goal earlier this year to monitor 500 websites a year to ensure their use of cookies complies with GDPR. The Dutch are not the only ones concerned about cookie banners. See, for example, activity from the UK that we wrote about last year. Of note, the Dutch authority stresses in its guide that even if a company uses third-party consent management platforms, the site operator is still responsible for compliance.Continue Reading Is Your Website’s Cookie Banner Up to Date? New Guidance from Dutch DPA

A recent settlement with an education service provider and three states – California, Connecticut, and New York – serves as a reminder to deactivate the credentials of departed employees. The case arose following a data breach suffered by Illuminate Education, which provides assessment software to K-12 school systems. As part of its services, the company stores sensitive details like students’ special education and accommodation needs.Continue Reading The Ghost of Employees Past: The Data Breach Risks from User-Credential Management

The European Data Protection Supervisor (EDPS) AI guidance for EU institutions has lessons for businesses. This includes when inputting personal information into these tools. The recommendations from the guidance fall into five categories, which businesses can take as potential principles. Namely:Continue Reading Protecting Personal Data in the Age of AI: Lessons from the Latest EDPS Guidance

The Southern District of California recently reminded companies that it has concerns about steps to take to make online terms binding. The case arose from a putative class action over alleged false pricing practices brought against Maggy London International Ltd. an online clothing retailer.Continue Reading Are Your Online Terms Enforceable?: Lessons from California

The Consortium of Privacy Regulators is growing. Meanwhile, CalPrivacy has announced a new program, a data broker “strike force.”Continue Reading State Privacy Action Grows: Consortium Expands, California Launches Data Broker Strike Force

California has set what may be an emerging trend with AB 45, restricting collection and use of personal information collected near family planning facilities. The law was signed recently by h Governor Newsom and is set to go into effect January 1, 2027. It provides for penalties of $25,000 fine per violation.Continue Reading Keep Out! California Draws the Privacy Fence Around Health Data

If you thought social media needed a warning label, many state regulators agree. California recently passed a new warning label law, which will take effect on January 1, 2027. That is, unless it is challenged. Meanwhile, Colorado is fighting to keep alive a similar law following a NetChoice challenge. Other states (like Arkansas, California, Florida, Utah, Maryland, Mississippi, Ohio, and Texas) have not been successful, seeing similar laws stopped on First Amendment grounds.Continue Reading Warning! States Continue to Worry About Social Media and Teens

Italy became the first EU country to enact a comprehensive national AI law when its AI law (Law No. 132/2025) took effect last month. The law is intended to work with the existing EU AI Act, but with more details and specific obligations. In fact, it mirrors many of the themes that are being implemented in US AI laws (like those in Texas, Virginia (vetoed), and Colorado). This may be one of many similar laws we see coming out of Europe this year, and the potential for a fragmented AI regulatory patchwork in the EU.Continue Reading When in Rome—Make Your AI Do As the Regulators Do