Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
CFPB's Inquiry Into Payments Privacy — Payments Pros – The Payments Law Podcast
Bridging the Gap: How CivicReach is Revolutionizing Government Customer Service
The Privacy Insider Podcast Episode 11: Signal and Noise: The New Administration, Privacy, and Our Digital Rights with Cindy Cohn of Electronic Frontier Foundation
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
"Monsters Inc." y el tratamiento de los datos
The American Privacy Right Act (APRA) explained
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
Navigating State Privacy Laws
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
Are You Ready to Comply With New State Data Privacy Laws?
Embracing Data Privacy to Drive Business Growth: On Record PR
Data Dividend: What is Personal Data Worth?
The annual review and update (if necessary) of privacy notices just got an upgrade to a “must do.” This provision, found in California Consumer Privacy Act from the beginning, requires companies to assess their data...more
On July 24, 2025, the California Privacy Protection Agency (CPPA) approved final regulations (the Rule) under the California Consumer Privacy Act (CCPA) governing Automated Decision-Making Technology (ADMT), including...more
Connecticut Attorney General William Tong recently announced the state’s first-ever enforcement settlement under the Connecticut Data Privacy Act (CTDPA) with TicketNetwork, Inc., an online ticket marketplace. The settlement...more
On July 1, the U.S. Senate voted to fully remove the previously proposed ten-year moratorium on regulation of Artificial Intelligence by states (“AI Moratorium”), after the provision’s passage by the House. Despite a number...more
On June 2, the New Jersey Division of Consumer Affairs (Division) published proposed regulations to implement the New Jersey Data Privacy Act (NJDPA). Of note, these rules were proposed months after the NJDPA went into effect...more
Below, we catalog certain current state laws regulating the development and use of AI systems and technologies passed between 2019 and 2025. This list focuses on legislative initiatives that have passed and are in effect or...more
If you are a compliance professional for a U.S.-based company, you have probably been told at some point that you have to worry about the General Data Protection Regulation (GDPR). Have you encountered one of these...more
Whether you are swamped by a deluge of subject rights requests or just want more time to spend on strategic work, managing SRRs effectively is a highly sought-after goal — one that's seldom achieved. Between parsing...more
On March 10, 2025, the Belgian Data Protection Authority (BDPA) updated its 2020 guidance on the processing of personal data for direct marketing purposes (see the updated guidance here in French and in Dutch)....more
On March 12, 2025, the California Consumer Privacy Protection Agency (CPPA or Agency) announced a settlement with an auto manufacturer, marking the Agency’s first enforcement action under the California Consumer Privacy Act...more
On February 10, 2025, the first class action complaint was filed under Washington state’s My Health My Data Act (“MHMDA”), over a year after the law was passed. See Maxwell v. Amazon.com, Inc. et al., Case No. 2:25-cv-261...more
The office of the Oregon Attorney General recently releases a six-month enforcement report regarding the Oregon’s Consumer Privacy Act (OCPA). What are we discussing with our clients?...more
The California privacy regulator recently settled with a data broker (Key Marketing Advantage LLC) that it alleged had violated the state’s data broker law. Under the Delete Act, data brokers must, among other things,...more
The Personal Information Protection Act (PIPA) is a critical framework for protecting individuals’ personal information in Bermuda. Under PIPA organisations are required to adhere to several key principles, including ensuring...more
On February 4, 2025, the Federal Communications Commission (FCC or Commission) released a Notice of Apparent Liability for Forfeiture (NAL) against voice service provider Telnyx LLC (Telnyx) for alleged violations of the...more
In an eleventh-hour play, on January 24, 2025, the Eleventh Circuit issued a decision that vacated the Federal Communication Commission’s (FCC) One-to-One Consent Rule, which was all set to go into effect on January 27, 2025....more
On Monday, January 27, 2025, the One-to-One Consent Rule (“the Rule”) promulgated by the Federal Communications Commission (the “Commission”) a year ago, on December 18, 2023, was set to go into effect. Under this Rule, a...more
Tomorrow is International Data Privacy Day, so a happy day to all! More seriously, data privacy concerns and legislation continue to rapidly increase. It has been estimated that by the end of 2024 more than 75 percent of...more
The momentum for change in US state privacy laws accelerated in 2024, driven by several significant developments, including efforts for a federal privacy law, state-level enforcement actions and the activation of four new...more
The Federal Communications Commission’s (FCC or Commission) new Telephone Consumer Protection Act (TCPA) one-to-one consent rule takes effect in less than one week – on January 27, 2025. The new rule, once effective, will...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
The Consumer Financial Protection Bureau (CFPB) finalized its “open banking” rule in late 2024. As required by Section 1033 of the Consumer Financial Protection Act, the CFPB promulgated the rule to require certain financial...more
The Oregon Department of Justice (DOJ) recently issued significant guidance detailing how the state's existing legal framework will regulate artificial intelligence, eschewing the need for immediate AI-specific legislation....more
What Happened? Last week the CFPB issued an Order recognizing the Financial Data Exchange, Inc. (“FDX”) as the first standard setting body (“SSO”) under the CFPB’s Personal Financial Data Rights Rule (the “Rule”). The Rule...more
The UK Information Commissioner’s Office (the ICO) has published guidance to help firms take steps to protect customers’ personal information when data is shared between firms to prevent fraud and scams....more