Life With GDPR: Cookie Compliance
Universal Consent: Building Beyond Cookie Consent
Data Dividend: What is Personal Data Worth?
Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
Data Revolution: How U.S. Privacy Laws Change the Way Data Should be Managed by Retail and Tech Industries
Fashion Counsel: Privacy in the Retail Fashion Industry
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
In announcing a joint investigation into the implementation of Global Privacy Controls (GPC) earlier this week, the California Privacy Protection Agency (CPPA) and attorneys general from California, Colorado and Connecticut...more
On September 9, 2025, California Attorney General Rob Bonta, together with the California Privacy Protection Agency and the Attorneys General of Colorado and Connecticut, announced a joint enforcement sweep targeting...more
VHS rental stores may be long gone, but the Video Privacy Protection Act (VPPA)—a law born in that era—remains surprisingly relevant. Today, courts across the country are wrestling with how the VPPA applies to modern digital...more
The French data protection authority, Commission Nationale de l’Informatique et des Libertés (CNIL), imposed a €325 million fine on Google on September 1, 2025, for displaying advertisements in Gmail without prior user...more
Recent regulatory actions and court decisions highlight growing uncertainty over whether sharing article title data from webpages amounts to disclosure of sensitive health information under privacy laws....more
When we speak to clients about online privacy issues, they almost always mention the CCPA – California’s Consumer Privacy Act that regulates the collection and use of personal data. But unless they have already faced a...more
In an era of escalating data breaches, organizations must be vigilant in protecting consumer information. A comprehensive federal data privacy law would streamline compliance efforts, but Congress has yet to pass one, leaving...more
The UK Information Commissioner’s Office has launched two consultations as part of the transition to the Data User and Access Act framework. These consultations will be of particular interest to organisations operating...more
11 Have you ever clicked "I agree" without really knowing what you are agreeing to? You are not alone, and businesses often rely on that. Consent is now the cornerstone of data privacy, including India's Digital...more
- What is new: The ICO is proposing to relax its enforcement of cookie consent requirements, meaning user consent would not be required for lower-risk advertising cookies. - Why it matters: The proposals aim to address...more
Like a zombie apocalypse, hordes of California Invasion of Privacy Act (“CIPA”) claims have chased corporate defendants to court where they were held off for a time, until, clawing at the courthouse doors, CIPA claims broke...more
The DUAA introduces several reforms to UK data protection law, but their implications are relatively limited in practice. The Data (Use and Access) Act 2025 (the DUAA) was enacted on 19 June 2025 and amends rather than...more
The Data (Use and Access) Bill passed both Houses of UK Parliament and received Royal Assent on 19 June 2025, now becoming the Data (Use and Access) Act 2025 (“DUA Act”). This is the final iteration of the Data Protection and...more
An increasingly aggressive plaintiffs’ bar has brought purported class action suits based on the nearly ubiquitous use of tracking technologies used for website analytics. Although any actual harm to the plaintiffs is...more
The California attorney general’s (AG) July 1, 2025, proposed settlement with Healthline Media LLC (Healthline) marks the third cookie-related California Consumer Privacy Act (CCPA) settlement in as many months (alongside the...more
Websites are ubiquitous, and so are cookies and tracking pixels (a/k/a web beacons). A web browser uses cookies to store login details and preferences; the cookies also track and profile user behavior. When visiting a...more
In a significant win for the defense, a California federal judge denied class certification in a California Invasion of Privacy Act (CIPA) suit alleging that AddShoppers and Peet’s Coffee unlawfully tracked website visitors...more
After a legislative reform that has seen four different Prime Ministers, three different Bills and many deliberations across both Houses of Parliament, the UK is now on course to introduce some changes to the data protection...more
It’s 2025, and somehow, we’re still dealing with lawsuits over a law that was born in the pen registers and rotary phones era. That law, the California Invasion of Privacy Act (CIPA), a decades-old statute that’s suddenly...more
Orrick's Founder Series offers monthly top tips for UK startups on key considerations at each stage of their lifecycle, from incorporating a company through to possible exit strategies. The Series is written by members of our...more
California Senate Bill 690 (SB 690), introduced by Senator Anna Caballero, is continuing to proceed through the California state legislative process. The proposed bill would amend the California Invasion of Privacy Act (CIPA)...more
On April 24 2025, the French supervisory authority (CNIL) issued a draft recommendation to address challenges in collecting user consent for cookies and trackers across multiple devices (the Draft Recommendation). The new...more
In a recent decision, the U.S. District Court for the Northern District of California has construed the private right of action provision under the California Consumer Privacy Act (CCPA) broadly, which increases business risk...more
Every week, the Array team reviews the latest news and analysis about the evolving field of eDiscovery to bring you the topics and trends you need to know. This week’s post covers the period of April 27-May 3. Here’s what’s...more
On March 3, 2025, the U.S. District Court for the Northern District of California issued a significant ruling that has the potential to broaden the risk of liability under the California Consumer Privacy Act (CCPA). ...more