Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
The American Privacy Right Act (APRA) explained
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
Navigating State Privacy Laws
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Embracing Data Privacy to Drive Business Growth: On Record PR
Thora Johnson shares simple guidance on: Data management for privacy compliance Ensuring data security through storage and retention practices...more
The US “comprehensive” law landscape continues to expand, with two more states—Tennessee (July 1) and Minnesota (July 31) —joining the “comprehensive” privacy law club. Five of these -Delaware, Iowa, Nebraska, New Hampshire,...more
A recent and far-reaching decision by the Italian Data Protection Authority (Garante) has significantly altered the rules governing marketing privacy consent in Italy, introducing a potential obligation to adopt a double...more
New York’s Child Data Protection Act (NYCDPA) has gone into effect, introducing sweeping new requirements for businesses that collect personal data from minors under 18. While New York has not yet joined the ranks of the...more
Connecticut has made changes to its privacy law, including lower thresholds, exemptions updates, new categories of sensitive data, expanded consumer rights, and more....more
On 17th June 2025, the Spanish Data Protection Authority (“AEPD”) published guidance in relation to Royal Decree 933/2021, which regulates document registration and information obligations relating to accommodation and motor...more
On June 20, 2025, the New York Child Data Protection Act (CDPA) took effect, ushering in some of the most comprehensive child and teen privacy protections in the United States. The law applies to operators of websites, apps,...more
This monthly report outlines key developments in China’s data protection sector for June. TC260 Two Cybersecurity Practice Guidelines on Personal Information Protection Compliance Audits: On May 19, 2025, TC260 issued two...more
On June 11, 2025, two new pieces of legislation in Alberta came into effect: (1) the Protection of Privacy Act; and (2) the Access to Information Act. Both pieces of legislation are expected to significantly impact...more
On April 22, 2025, the Federal Trade Commission (FTC or the Commission) published an updated Children’s Online Privacy Protection Act (COPPA) Rule (Rule) in the Federal Register. The updates are effective June 23, 2025. But...more
India’s Ministry of Electronics and Information Technology (MeitY) released in June 2025 a Business Requirement Document for Consent Management Under the DPDP Act, 2023 (BRD). The BRD, while not legally binding, provides...more
New Jersey’s Office of Consumer Protection has prepared proposed rules for the New Jersey Data Privacy Act (NJDPA) (Proposed Rules). While the bulk of the Proposed Rules consist of recitations of the obligations found in the...more
Keypoint: Last week, governors in Colorado, Oregon, Nebraska, and Texas signed bills into law while bills advanced in Maine, Oregon, Vermont, and Texas. Below is the twenty first weekly update on the status of proposed state...more
On April 22, 2025, the Federal Trade Commission (FTC) published its final amendments ("the Amendments") to the Children's Online Privacy Protection Act (COPPA) Rule in the Federal Register. The Amendments expand the...more
On April 28 2025, the Court of Justice of the European Union (CJEU) published an updated version of the fact sheet (the Fact Sheet) summarising key case law on protection of personal data. The Fact Sheet covers the case law...more
While Andrew Ferguson advocates for a restrained regulatory approach at the FTC, his statements and voting record reveal clear priority areas where businesses can expect continued vigorous enforcement. Two areas stand out in...more
On April 24 2025, the French supervisory authority (CNIL) issued a draft recommendation to address challenges in collecting user consent for cookies and trackers across multiple devices (the Draft Recommendation). The new...more
For the second installment of this series on the new California Consumer Privacy Act (CCPA) Regs, we are looking at consumer request processes. One major eye opener: Tracker opt-outs must be immediate and you may not be...more
Many financial services businesses are subject to legal or regulatory obligations that require them to verify the identity of their customers. Although innovative technological tools, including those using artificial...more
On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed into law the Arkansas Children and Teens’ Online Privacy Protection Act (Act), which will become effective on July 1, 2026. It draws inspiration from the...more
Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
Virginia recently amended its Consumer Protection Act (the Act) to provide enhanced protection for reproductive and sexual health information. These protections take effect on July 1, 2025. The amendment prohibits a...more
As noted in our last two client alerts, the issue as to who should be the watchdog to protect consumer personal data is coming to a head in the chapter 11 bankruptcy cases of 23andMe Holding Co and its affiliated debtors...more
On March 24, 2025, the governor of Virginia signed into law Senate Bill 754, which amends the Virginia Consumer Protection Act (VCPA) to restrict the collection, use, sale, or sharing of personally identifiable reproductive...more
On 21 March 2025, the New Federal Law for the Protection of Personal Data in Possession of Private Parties came into effect, superseding and repealing the prior data protection law....more