- What is new: The ICO is proposing to relax its enforcement of cookie consent requirements, meaning user consent would not be required for lower-risk advertising cookies.
- Why it matters: The proposals aim to address...more
8/6/2025
/ Advertising ,
Consent ,
Cookies ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Information Commissioner's Office (ICO) ,
New Guidance ,
Privacy Laws ,
UK ,
Web Tracking
As federal privacy enforcement shows signs of slowing, states are aggressively stepping in to fill the void.
On July 1, 2025, the California attorney general (AG) announced a $1.55 million settlement with Healthline Media,...more
7/22/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Connecticut ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Opt-Outs ,
Privacy Acts ,
Privacy Laws ,
Sensitive Personal Information ,
State Attorneys General ,
State Privacy Laws
On 25 June 2025, the European Commission announced its proposal for a “Space Act” that would introduce a new regulatory framework for EU space activities. The proposed framework includes cyber-resilience obligations for EU...more
7/9/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Enforcement ,
EU ,
National Security ,
Outer Space ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management
On April 23 and 24, 2025, regulators, industry leaders and data privacy leaders from across the globe convened in Washington, D.C. for the 2025 International Association of Privacy Professionals (IAPP) Global Privacy Summit....more
5/5/2025
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
State Privacy Laws ,
Technology ,
UK
In a major development for businesses subject to state data privacy laws, eight state privacy regulators have joined forces to form the “Consortium of Privacy Regulators,” a bipartisan coalition aimed at coordinating...more
5/5/2025
/ California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Enforcement ,
Enforcement Actions ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws
In two recent rulings, judges in the U.S. Northern District of California have allowed proposed class actions under the California Consumer Privacy Act (CCPA) to proceed without an allegation of a data breach, departing from...more
As Trump administration directives emerge, it’s crucial for businesses and other stakeholders to stay informed and adapt their strategies accordingly. We will provide ongoing coverage of these developments and their potential...more
2/4/2025
/ Affirmative Action ,
Artificial Intelligence ,
Climate Change ,
Cybersecurity ,
Diversity and Inclusion Standards (D&I) ,
Energy Sector ,
Environmental Social & Governance (ESG) ,
Executive Orders ,
Federal Contractors ,
Financial Regulatory Reform ,
Healthcare ,
Intellectual Property Protection ,
International Litigation ,
International Trade ,
Legislative Agendas ,
Life Sciences ,
National Security ,
New Legislation ,
New Regulations ,
OECD ,
Privacy Laws ,
Regulatory Agenda ,
Technology Sector ,
Trade Policy ,
Trump Administration
On January 16, 2025, the Federal Trade Commission (FTC) finalized amendments to the Children’s Online Privacy Protection Act (COPPA) Rule (Final Rule) relating to the collection, use and disclosure of personal information...more
1/30/2025
/ Consent ,
Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Data Retention ,
Data Security ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Final Rules ,
Online Safety for Children ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements
Cyber threats continue to grow as a result of increased digitization, widespread use of cloud computing, advanced connectivity and artificial intelligence (AI), requiring boards of directors across all sectors to focus more...more
11/22/2024
/ Artificial Intelligence ,
Board of Directors ,
Corporate Governance ,
Crisis Management ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Machine Learning ,
Privacy Laws ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Litigation ,
Third-Party
In this edition of Insights, we take a closer look at the megadeals and sponsor transactions driving recent M&A activity, the importance of staying ahead of the risks in AI development and deployment, and other diverse...more
9/30/2024
/ Acquisitions ,
Administrative Procedure Act ,
Artificial Intelligence ,
Chevron Deference ,
Corner Post Inc v Board of Governors of the Federal Reserve System ,
Corporate Governance ,
Delaware General Corporation Law ,
Federal Bans ,
Federal Trade Commission (FTC) ,
Final Rules ,
Government Agencies ,
Judicial Authority ,
Loper Bright Enterprises v Raimondo ,
Machine Learning ,
Mergers ,
Non-Compete Agreements ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Authority ,
Regulatory Requirements ,
SCOTUS ,
SEC v Jarkesy ,
Securities and Exchange Commission (SEC) ,
Shareholder Litigation ,
Shareholders ,
Technology Sector
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risks from developing and deploying AI systems that do not function as intended or that yield problematic outcomes....more
9/30/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
NIST ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector ,
U.S. Commerce Department
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risk from developing and deploying AI systems that do not function as intended or that yield problematic outcomes. The...more
9/4/2024
/ Artificial Intelligence ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
EU ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector ,
UK
Two recent settlements under the False Claims Act (FCA):
- Signal enhanced risk around cybersecurity for recipients of federal funds.
- Underscore the need to assess compliance with cybersecurity requirements and...more
Both the EU and Germany are taking significant steps to accelerate digitalization in the health sector and facilitate the exchange and use of health data for research and innovation purposes.
They aim to improve...more
4/4/2024
/ Analytics ,
Artificial Intelligence ,
Cybersecurity ,
Data Protection ,
Data-Sharing ,
Digital Health ,
EU ,
Germany ,
Healthcare ,
Life Sciences ,
Machine Learning ,
Pharmaceutical Industry ,
Popular ,
Privacy Laws ,
Research and Development
A proposed settlement action filed on December 19, 2023, by the Federal Trade Commission (FTC) against Rite Aid Corp. highlights some of the key issues presented when companies use artificial intelligence (AI) for facial...more
1/8/2024
/ Algorithms ,
Artificial Intelligence ,
Commercial Litigation ,
Customer Privacy ,
Customers ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Privacy Laws ,
Rite Aid ,
Settlement Proposals ,
Technology Sector
On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
11/22/2023
/ Artificial Intelligence ,
CNIL ,
Data Protection ,
Data Storage ,
EU ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
Technology ,
UK
On September 28, 2023, the Cyberspace Administration of China (CAC) published the draft Provisions on Regulating and Promoting Cross-Border Data Transfers (Draft Provisions). If adopted into law in their current form, the...more
In this month’s Privacy & Cybersecurity Update, we examine Delaware’s new comprehensive data privacy law, a joint statement by 12 data protection authorities on data scraping and data protection, a district court ruling on a...more
10/3/2023
/ California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Popular ,
Privacy Laws ,
Risk Assessment ,
Risk Management ,
State and Local Government ,
State Data Privacy Laws ,
State Privacy Laws ,
Web Scraping
In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more
9/6/2023
/ Biden Administration ,
California ,
California Privacy Rights Act (CPRA) ,
Colorado ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Labeling ,
NIST ,
Popular ,
Privacy Laws ,
Smart Devices ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more
8/2/2023
/ Biometric Information Privacy Act ,
California ,
California Privacy Rights Act (CPRA) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Transfers ,
Disclosure ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
NYDFS ,
Oregon ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Regulatory Requirements ,
Risk Management ,
Texas
In our June Privacy & Cybersecurity Update, we review new data privacy laws in Colorado, Connecticut, Florida and Montana; Verizon’s annual Data Breach Investigations Report; AM Best’s report on cyber insurance trends; and...more
7/6/2023
/ Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Processors ,
Data Protection ,
Employer Liability Issues ,
Employment Litigation ,
Enforcement ,
Investigations ,
Liability ,
Negligence ,
New Amendments ,
New Legislation ,
New Regulations ,
Opt-Outs ,
Popular ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws ,
Technology Sector ,
Verizon
In this month’s Privacy & Cybersecurity Update, we review new consumer privacy laws in Tennessee and Indiana, three GDPR rulings by the Court of Justice of the European Union, updates regarding future California Privacy...more
6/5/2023
/ California Privacy Protection Agency (CPPA) ,
Cyber Insurance ,
Cybersecurity ,
EU ,
European Court of Justice (ECJ) ,
Fraud ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Insureds ,
Liability ,
Privacy Laws ,
State Privacy Laws ,
Wire Fraud
In this month’s Privacy & Cybersecurity Update, we look at Washington state’s passage of the first-ever state-level health data privacy law and the finalized California Consumer Privacy Act regulations. We also examine a...more
5/2/2023
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Food and Drug Administration (FDA) ,
Fraudulent Wire Transfers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Insurance Industry ,
Medical Devices ,
Notice of Proposed Rulemaking (NOPR) ,
Popular ,
Privacy Laws ,
Reproductive Healthcare Issues ,
State Privacy Laws
In this month’s Privacy & Cybersecurity Update, we examine Iowa’s new data privacy law (the sixth state to enact a privacy law), the Biden administration’s new national cybersecurity strategy, the U.K. government’s revised...more
4/4/2023
/ Amended Regulation ,
Biden Administration ,
Consumer Privacy Rights ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Protection ,
National Security ,
Popular ,
Privacy Laws ,
State Privacy Laws ,
UK
In this month’s Privacy & Cybersecurity Update, we analyze recent fines against Meta and their impact on the future of behavioral advertising, the timeline for the California Privacy Rights Act’s regulations to become...more
2/1/2023
/ Advertising ,
California ,
California Privacy Rights Act (CPRA) ,
Class Action ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
FCC ,
Fines ,
Investigations ,
Metaverse ,
Popular ,
Privacy Laws ,
Proposed Amendments ,
Reporting Requirements ,
Settlement Agreements ,
State and Local Government ,
State Privacy Laws ,
UK