Key point: Recent legislative efforts in Massachusetts, seeking to add another comprehensive data privacy law to the national patchwork of state laws, and| Byte Back
Four federal courts issued decisions in August involving claims that healthcare companies violated the Electronic Communications Privacy Act (ECPA) by deploying tracking technologies—such as the Meta Pixel and Google Analytics—on their websites.[1] The decisions highlight an emerging split on what it takes to invoke the ECPA’s “crime-tort exception,” and provide important guidance for healthcare organizations...Continue Reading…| Byte Back
Key point: The California Legislature is considering a bill that would impose comprehensive requirements on the development, deployment, and use of| Byte Back
In this post: (1) The 9th Circuit tightens what “harm” a plaintiff must suffer to have standing; (2) the D.C. Circuit adds to growing circuit split on defining “consumers”; (3) Three courts find plaintiffs consented via website terms; (4) Courts split on whether software that captures content and address information qualifies as “pen register”; and (5) Daniel’s Law receives first decision narrowing statute.| Byte Back
In this post: (1) The 9th Circuit tightens what “harm” a plaintiff must suffer to have standing; (2) the D.C. Circuit adds to growing circuit split| Byte Back
Key point: Beginning November 10, 2025, DoD contracting officers will begin adding Cybersecurity Maturity Model Certification (CMMC) requirements to| Byte Back
Key point: The European General Court has upheld the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework, confirming that the| Byte Back
Key point: CMMC took another step towards reality, with OIRA clearing for publication the DFARS proposed rule that will add CMMC requirements as a condition of award for new contracts. What happened: On August 25, 2025, the Office of Management and Budget’s Office of Information and Regulatory Affairs (OIRA) completed its review of the DoD’s...Continue Reading…| Byte Back
Key point: During Colorado’s legislative special session, which aimed to address budgetary shortfalls resulting from this year’s federal appropriations act, lawmakers approved a delay in the Colorado AI Act’s effective dates. Colorado lawmakers amended the Colorado AI Act, shifting the law’s effective date from February 1, 2026, to June 30, 2026. This delay applies to...Continue Reading…| Byte Back
Key point: With the Cybersecurity Information Sharing Act of 2015 (CISA 2015) scheduled to sunset on September 30, 2025, Congress will need to act quickly to renew the law and maintain, if not improve, the liability protections for industry when sharing cyber threat indicators and defensive measures. Supporters of reauthorization—including Sen. Gary Peters (D., Mich.),...Continue Reading…| Byte Back
In this post: (1) California courts split on personal jurisdiction post-Briskin; (2) District courts dismiss VPPA claims against movie theaters & online platforms; (3) ND Cal courts find “crime-tort” exception met in non-healthcare cases; (4) Jury returns verdict against Flo Health in privacy case; and (5) Privacy Plaintiffs find new theory in Colorado law. This is...Continue Reading…| Byte Back
Keypoint: Colorado policymakers outlined their privacy and AI priorities at a recent Husch Blackwell event. In early March, Husch Blackwell hosted a| Byte Back
Keypoint: In this post: (1) California considers a “commercial exception” to wiretapping and pen registry laws; (2) a rise in federal wiretapping claims| Byte Back
Keypoint: Twenty-five (25) privacy decisions from October-December show a significant uptick in the number of pixel-based wiretapping decisions issued| Byte Back
In this post: (1) Website tracking litigation risk remains as SB 690 is designated “two-year bill”; (2) Second Circuit reinforces narrower interpretation of PII to “shut the door for Pixel-based VPPA claims”; (3) Courts require individualized harm to establish standing; (4) Dismissals increase where plaintiffs fail to provide detailed allegations; and (5) Courts split on whether commercial intent can defeat application of “crime-tort exception” under federal ECPA.| Byte Back
Keypoint: Connecticut once again moves the needle on state privacy laws while at the same time integrating changes from other state laws. On June 25,| Byte Back
Keypoint: In this post: (1) Standing may depend on how specific plaintiffs’ complaint is; (2) the 2nd Circuit adopts the 3rd and 9th Circuit’s narrower| Byte Back
Keypoint: If signed into law, Colorado companies that process children’s data will have new requirements beginning on October 1, 2025. Prior to the| Byte Back
Keypoint: Courts have started to issue Pixel-based wiretapping decisions, the Seventh Circuit weighs in on when a manufacturer can be forced to pay| Byte Back
Keypoint: If signed into law, Colorado will become the first state to enact legislation regulating the use of high-risk artificial intelligence systems.| Byte Back
Keypoint: Last week, the Colorado legislature passed a bill amending the Colorado Privacy Act to add provisions regarding biometric data and the| Byte Back
Keypoint: Since our last update, the Connecticut Senate passed an algorithmic discrimination bill, an algorithmic discrimination bill was introduced in| Byte Back
Our industry teams collaborate across practice areas to deliver in-depth solutions to the most complex business challenges. We bring together the best legal minds and reach beyond law to include experienced industry professionals. This approach gives our clients a greater perspective and ensures forward-thinking results.| Byte Back