On September 17, 2025, the German Supervisory Authorities (Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder, DSK) published new guidelines and recommendations addressing the complex requirements for transferring personal data, particularly health data (including health data contained in biomaterials), to countries outside of the European Economic Area for scientific research purposes under the GDPR.... Continue Reading…| Inside Privacy
Recently, California Governor Gavin Newsom signed into law several privacy and related proposals, including new laws governing browser opt-out preference signals, social media account deletion, data brokers, reproductive and health services, age signals for app stores, social media “black box warning” labels for minors, and companion chatbots. This blog summarizes the statutes’ key takeaways. Continue Reading…| Inside Privacy
Earlier this week, the ICO announced that it has fined UK-based outsourcing company, Capita, £14 million under the UK GDPR following a data breach in March 2023 that affected more than 6 million people. There are a few interesting points about this case, both from a security controls and fine calculation/settlement point of view, which... Continue Reading…| Inside Privacy
On September 30, 2025, the California Privacy Protection Agency (“Agency”) announced a decision and $1.35 million fine to resolve allegations that Tractor Supply Co. (“Tractor Supply”) violated the California Consumer Privacy Act (“CCPA”). The settlement comes after the Agency filed a petition to enforce an investigative subpoena against Tractor Supply. In addition to imposing the... Continue Reading…| Inside Privacy
On September 17, 2025, the Federal Trade Commission (“FTC”) and seven states – Colorado, Florida, Illinois, Nebraska, Tennessee, Utah, and Virginia – sued Live Nation and Ticketmaster for violations of Section 5 of the FTC Act and the Better Online Ticket Sales Act (“BOTS Act”). Additionally, each state Attorney General alleges violation of various state... Continue Reading…| Inside Privacy
On September 23, 2025, the Italian law on artificial intelligence (hereinafter, “Italian AI Law”) was signed into law, after receiving final approval by the Italian Senate on September 17, 2025. The law consists of varied provisions, including general principles and targeted sectoral rules in certain areas not covered by the EU AI Act. The Italian... Continue Reading…| Inside Privacy
The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”), which provided protections for sharing cybersecurity threat information with the federal| Inside Privacy
In late September, plaintiffs announced details regarding Google LLC’s (“Google”) and women’s health app developer, Flo Health Inc.’s (“Flo”) proposed settlements to resolve a class action lawsuit stemming from the Flo app’s allegedly unlawful sharing of health data with Google and others through online tracking technologies. As part of the proposed settlements, Google agreed to... Continue Reading…| Inside Privacy
On September 24, Senate Democratic Leader Chuck Schumer (D-N.Y.), Senator Maria Cantwell (D-Wash.), and Senator Ed Markey (D-Mass.) introduced the Management of Individuals’ Neural Data (“MIND”) Act of 2025, which would require the Federal Trade Commission (“FTC”) to conduct a study and provide a report examining the governance of “neural data” under existing law and... Continue Reading…| Inside Privacy
On September 17, 2025, Brazil enacted the Digital Statute of the Child and Adolescent (“Digital ECA”), establishing a pioneering regulatory framework for protecting children (under 12 years of age) and adolescents (between the ages of 12 and 18) online. Brazil’s Congress approved the new law in a matter of just a few days in response... Continue Reading…| Inside Privacy
On September 5, 2025, the European Commission announced the launch of the process to adopt an adequacy decision for Brazil under the General Data| Inside Privacy
In August, the Federal Trade Commission (“FTC”) announced a $14 million settlement with Match Group, Inc. and Match Group, LLC (collectively, “Match”),| Inside Privacy
On August 7, Massachusetts Governor Maura Healey signed into law a new Shield Law (S.2543) – the Shield Act 2.0 – that restricts providers’ ability to| Inside Privacy
*** Update: Note that the EU AI Liability Directive has been withdrawn in the meantime. Now that the EU Artificial Intelligence Act (“AI Act”) has entered| Inside Privacy
On July 24, 2025, the European Parliament (EP) published a study entitled Artificial Intelligence and Civil Liability – A European Perspective. The study| Inside Privacy
Autorenewal regulation has been a recent focus of both federal and state regulators. The U.S. Court of Appeals for the Eighth Circuit recently vacated the| Inside Privacy
Earlier this month, the California Privacy Protection Agency (“CPPA”) filed a petition in Sacramento County Superior Court to enforce an investigative| Inside Privacy
On July 17, 2025, the European Commission launched a “call for evidence” and public consultation on the Digital Fairness Act (“DFA”), an anticipated new| Inside Privacy
Personalized advertising and pricing are increasingly common online practices, and prompt discussions about fairness and consumer rights in the EU.| Inside Privacy
Digital contracts and subscriptions have significantly increased, with the subscription economy tripling since 2017, according to the European| Inside Privacy
On July 8, 2025, the Eighth Circuit issued a per curiam decision that vacated the FTC’s revised Negative Option Rule in its entirety. The opinion will| Inside Privacy
In July, the Federal Trade Commission (“FTC”) announced that telemedicine company NextMed agreed to pay $150,000 to settle charges that it deceptively| Inside Privacy
On July 18, 2025, the Cyberspace Administration of China (“CAC”) issued an announcement (“Announcement”) launching a mandatory online registration system| Inside Privacy
On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive| Inside Privacy
On 12 July 2024, EU lawmakers published the EU Artificial Intelligence Act ("AI Act"), a first-of-its-kind regulation aiming to harmonise rules on AI| Inside Privacy
This quarterly update highlights key legislative, regulatory, and litigation developments in the second quarter of 2024 related to artificial intelligence| Inside Privacy
On March 26, 2023, Virginia enacted a genetic privacy law (SB 1087) aimed at regulating the practices of direct-to-consumer (“DTC”) genetic testing| Inside Privacy
On April 17, the Nebraska governor signed the Nebraska Data Privacy Act (the “NDPA”) into law. Nebraska is the latest state to enact comprehensive| Inside Privacy