In late September, plaintiffs announced details regarding Google LLC’s (“Google”) and women’s health app developer, Flo Health Inc.’s (“Flo”) proposed settlements to resolve a class action lawsuit stemming from the Flo app’s allegedly unlawful sharing of health data with Google and others through online tracking technologies. As part of the proposed settlements, Google agreed to... Continue Reading…| Inside Privacy
On September 24, Senate Democratic Leader Chuck Schumer (D-N.Y.), Senator Maria Cantwell (D-Wash.), and Senator Ed Markey (D-Mass.) introduced the Management of Individuals’ Neural Data (“MIND”) Act of 2025, which would require the Federal Trade Commission (“FTC”) to conduct a study and provide a report examining the governance of “neural data” under existing law and... Continue Reading…| Inside Privacy
On September 17, 2025, Brazil enacted the Digital Statute of the Child and Adolescent (“Digital ECA”), establishing a pioneering regulatory framework for protecting children (under 12 years of age) and adolescents (between the ages of 12 and 18) online. Brazil’s Congress approved the new law in a matter of just a few days in response... Continue Reading…| Inside Privacy
The California Civil Rights Council and the California Privacy Protection Agency have recently passed regulations that impose requirements on employers who use “automated-decision systems” or “automated decisionmaking technology,” respectively, in employment decisions or certain HR processes. On the legislative side, the California Legislature passed SB 7, which would impose additional obligations on employers who use... Continue Reading…| Inside Privacy
On September 16, 2025, the European Commission launched a call for evidence to collect feedback and best practices on simplifying several key areas of the EU digital rulebook, ahead of its planned Digital Omnibus package. This initiative targets legislation related to data, cybersecurity, and artificial intelligence, aiming to reduce administrative burdens and compliance costs for... Continue Reading…| Inside Privacy
On September 5, 2025, the European Commission announced the launch of the process to adopt an adequacy decision for Brazil under the General Data| Inside Privacy
Inside Privacy is written by the Data Security lawyers at Covington & Burling and offers updates on Privacy Law.| Inside Privacy
On August 20, 2025, the Federal Trade Commission (“FTC”) sued Fitness International, LLC and Fitness & Sports Club LLC – the parent companies of LA Fitness and other gym chains – for violations of Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act (“ROSCA”) in connection with alleged practices that make it... Continue Reading…| Inside Privacy
On August 29, the Oregon Department of Justice (DOJ) issued an enforcement report and press release covering its first year of enforcement of the Oregon Consumer Privacy Act (OCPA). The OCPA took effect on July 1, 2024, and the cure period sunsets on January 1, 2026. We previously summarized some of requirements in the OCPA... Continue Reading…| Inside Privacy
In August, the Federal Trade Commission (“FTC”) announced a $14 million settlement with Match Group, Inc. and Match Group, LLC (collectively, “Match”),| Inside Privacy
The U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) plans to delay the publication of its much-anticipated cybersecurity incident reporting rule implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). According to an entry on the Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions, released on September 4, 2025, CISA currently plans... Continue Reading…| Inside Privacy
On August 7, Massachusetts Governor Maura Healey signed into law a new Shield Law (S.2543) – the Shield Act 2.0 – that restricts providers’ ability to| Inside Privacy
*** Update: Note that the EU AI Liability Directive has been withdrawn in the meantime. Now that the EU Artificial Intelligence Act (“AI Act”) has entered| Inside Privacy
On July 24, 2025, the European Parliament (EP) published a study entitled Artificial Intelligence and Civil Liability – A European Perspective. The study| Inside Privacy
Autorenewal regulation has been a recent focus of both federal and state regulators. The U.S. Court of Appeals for the Eighth Circuit recently vacated the| Inside Privacy
Earlier this month, the California Privacy Protection Agency (“CPPA”) filed a petition in Sacramento County Superior Court to enforce an investigative| Inside Privacy
On July 17, 2025, the European Commission launched a “call for evidence” and public consultation on the Digital Fairness Act (“DFA”), an anticipated new| Inside Privacy
Personalized advertising and pricing are increasingly common online practices, and prompt discussions about fairness and consumer rights in the EU.| Inside Privacy
Digital contracts and subscriptions have significantly increased, with the subscription economy tripling since 2017, according to the European| Inside Privacy
On July 8, 2025, the Eighth Circuit issued a per curiam decision that vacated the FTC’s revised Negative Option Rule in its entirety. The opinion will| Inside Privacy
In July, the Federal Trade Commission (“FTC”) announced that telemedicine company NextMed agreed to pay $150,000 to settle charges that it deceptively| Inside Privacy
On July 18, 2025, the Cyberspace Administration of China (“CAC”) issued an announcement (“Announcement”) launching a mandatory online registration system| Inside Privacy
On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive| Inside Privacy
On 12 July 2024, EU lawmakers published the EU Artificial Intelligence Act ("AI Act"), a first-of-its-kind regulation aiming to harmonise rules on AI| Inside Privacy
This quarterly update highlights key legislative, regulatory, and litigation developments in the second quarter of 2024 related to artificial intelligence| Inside Privacy
In early March 2024, the EU lawmakers reached agreement on the European Health Data Space (EHDS). For now, we only have a work-in-progress draft| Inside Privacy
On March 26, 2023, Virginia enacted a genetic privacy law (SB 1087) aimed at regulating the practices of direct-to-consumer (“DTC”) genetic testing| Inside Privacy
On April 17, the Nebraska governor signed the Nebraska Data Privacy Act (the “NDPA”) into law. Nebraska is the latest state to enact comprehensive| Inside Privacy
