On August 7, 2025, the Federal Trade Commission (“FTC”) announced a $45 million settlement with online lead generator MediaAlpha, Inc. and its subsidiary QuoteLab, LLC (collectively, “MediaAlpha”), resolving allegations that the companies misled consumers seeking health insurance products. According to the FTC, MediaAlpha tricked consumers into sharing sensitive personal information under the guise of offering... Continue Reading…| Inside Privacy
In Nicole Pileggi v. Washington Newspaper Publishing Company LLC, the D.C. Circuit unanimously affirmed the district court’s dismissal of a complaint alleging that news magazine and website Washington Examiner disclosed consumers’ personal information through a third-party pixel in violation of the Video Privacy Protection Act (“VPPA”). In 2023, Pileggi alleged that the Examiner’s use of a third-party pixel on its site... Continue Reading…| Inside Privacy
On August 7, Massachusetts Governor Maura Healey signed into law a new Shield Law (S.2543) – the Shield Act 2.0 – that restricts providers’ ability to| Inside Privacy
*** Update: Note that the EU AI Liability Directive has been withdrawn in the meantime. Now that the EU Artificial Intelligence Act (“AI Act”) has entered| Inside Privacy
On July 24, 2025, the European Parliament (EP) published a study entitled Artificial Intelligence and Civil Liability – A European Perspective. The study| Inside Privacy
Last month, the D.C. Circuit in In re: Sealed Case, 2025 WL 2013687 (D.C. Cir. July 18, 2025) invalidated a non-disclosure order (“NDO”) that applied to prospectively issued subpoenas, holding that it failed to meet the statutory requirements in 18 U.S.C. § 2705(b) of the Stored Communications Act. Section 2705(b) permits the government to... Continue Reading…| Inside Privacy
Autorenewal regulation has been a recent focus of both federal and state regulators. The U.S. Court of Appeals for the Eighth Circuit recently vacated the| Inside Privacy
Earlier this month, the California Privacy Protection Agency (“CPPA”) filed a petition in Sacramento County Superior Court to enforce an investigative| Inside Privacy
On July 17, 2025, the European Commission launched a “call for evidence” and public consultation on the Digital Fairness Act (“DFA”), an anticipated new| Inside Privacy
Personalized advertising and pricing are increasingly common online practices, and prompt discussions about fairness and consumer rights in the EU.| Inside Privacy
Digital contracts and subscriptions have significantly increased, with the subscription economy tripling since 2017, according to the European| Inside Privacy
On July 8, 2025, the Eighth Circuit issued a per curiam decision that vacated the FTC’s revised Negative Option Rule in its entirety. The opinion will| Inside Privacy
In July, the Federal Trade Commission (“FTC”) announced that telemedicine company NextMed agreed to pay $150,000 to settle charges that it deceptively| Inside Privacy
A U.S. District Court recently denied a government application for an administrative inspection warrant to enter a private business for the purpose of searching for and seizing undocumented immigrants and investigating a pattern or practice of employing unauthorized aliens (sometimes referred to as a “Blackie’s” warrant after a seminal case, discussed below). Unlike a criminal... Continue Reading…| Inside Privacy
On July 18, 2025, the Cyberspace Administration of China (“CAC”) issued an announcement (“Announcement”) launching a mandatory online registration system and requiring “personal information processing entities” (equivalent to “data controller” under EU’s General Data Protection Rules) that process personal information of one million or more individuals to report the details of their personal information protection officer (“DPO”) through the “Personal Information Prote...| Inside Privacy
On July 18, 2025, the Cyberspace Administration of China (“CAC”) issued an announcement (“Announcement”) launching a mandatory online registration system| Inside Privacy
Inside Privacy is written by the Data Security lawyers at Covington & Burling and offers updates on Privacy Law.| Inside Privacy
On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive| Inside Privacy
On August 1, 2024, the Office of the New York State Attorney General (OAG) released two Advanced Notices of Proposed Rulemaking (ANPRM) for the SAFE for| Inside Privacy
On May 19, 2025, New York’s Office of the Attorney General (“OAG”) published new guidance on the New York Child Data Protection Act (the “Act”), which| Inside Privacy
On 12 July 2024, EU lawmakers published the EU Artificial Intelligence Act ("AI Act"), a first-of-its-kind regulation aiming to harmonise rules on AI| Inside Privacy
This update focuses on how growing quantum sector investment in the UK and US is leading to the development and commercialization of quantum computing| Inside Privacy
On August 2, 2024, Illinois' governor signed into law S.B. 2979, a significant amendment to the Illinois Biometric Information Privacy Act (BIPA). The law| Inside Privacy
This quarterly update highlights key legislative, regulatory, and litigation developments in the second quarter of 2024 related to artificial intelligence| Inside Privacy
In early March 2024, the EU lawmakers reached agreement on the European Health Data Space (EHDS). For now, we only have a work-in-progress draft| Inside Privacy
On March 26, 2023, Virginia enacted a genetic privacy law (SB 1087) aimed at regulating the practices of direct-to-consumer (“DTC”) genetic testing| Inside Privacy
On April 17, the Nebraska governor signed the Nebraska Data Privacy Act (the “NDPA”) into law. Nebraska is the latest state to enact comprehensive| Inside Privacy
