Key Discovery Points: Don’t Get Caught with Your Hand in the Production Cookie Jar
How Startups Can Comply With Ever-Changing Privacy Laws
The Privacy Insider Podcast Episode 15: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
State AG Pulse | Massive Google Settlement Shows AGs Serious About Privacy
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — The Consumer Finance Podcast
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
2025 Privacy Law Preview: Be Prepared
The American Privacy Right Act (APRA) explained
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
Navigating State Privacy Laws
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Embracing Data Privacy to Drive Business Growth: On Record PR
Connecticut Attorney General William Tong recently announced the state’s first-ever enforcement settlement under the Connecticut Data Privacy Act (CTDPA) with TicketNetwork, Inc., an online ticket marketplace. The settlement...more
As federal privacy enforcement shows signs of slowing, states are aggressively stepping in to fill the void. On July 1, 2025, the California attorney general (AG) announced a $1.55 million settlement with Healthline Media,...more
The court-appointed Consumer Privacy Ombudsman (CPO) in the 23andMe bankruptcy last month released a 200-plus-page report assessing the privacy implications of the proposed sale of 23andMe’s assets as part of its Chapter 11...more
Welcome to the Summer of Privacy! As we hit the middle of 2025, California is once again the focus of our attention, as both its legislators and regulators are attempting to square privacy protections with developing...more
In its first fine for violations of the Connecticut Data Privacy Act (“CDPA”), the state's omnibus data privacy law, the Connecticut Attorney General (“CT AG”) chose to make an example of deficient privacy notices....more
On July 8, Connecticut Attorney General William Tong announced a settlement with TicketNetwork, Inc. for alleged violations of the Connecticut Data Privacy Act (CTDPA). The settlement is the first publicly announced...more
Connecticut continues to refine its data privacy act as it implements its first violation settlement. TicketNetwork, Inc., reached a settlement of $85,000 for deficiencies in its privacy notice to consumers. Despite receiving...more
New York ‘s Child Data Protection Act, available here, took effect on June 20. This is a landmark piece of legislation designed to enhance the online privacy and safety of minors. As concerns over children’s digital...more
Connecticut Attorney General William Tong recently announced his office’s first enforcement action for violations of the Connecticut Data Privacy Act. “This law has now been in effect for two years,” Tong said in a...more
Oregon will begin to regulate the use of minors’ information and sale of users’ location data (regardless of age) with an update to its Oregon Consumer Privacy Act. These revisions will go into effect January 1, 2026. As...more
Utah AG Derek Brown and the Utah Division of Consumer Protection jointly sued Snap, Inc., the parent company of Snapchat, facilitating child sexual exploitation and sextortion through its design features and recommendation...more
Welcome to this month’s issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security, & Data Protection practice....more
The US “comprehensive” law landscape continues to expand, with two more states—Tennessee (July 1) and Minnesota (July 31) —joining the “comprehensive” privacy law club. Five of these -Delaware, Iowa, Nebraska, New Hampshire,...more
In May, Montana enacted Senate Bill 297, which amends the Montana Consumer Data Privacy Act (MCDPA) to eliminate the broad exemption for financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). Connecticut...more
A recent amicus brief filed by LGBT Tech, with the support of a coalition of LGBTQ+ advocacy organisations and legal counsel from McDermott Will & Emery, carries significant weight in ongoing jurisprudence regarding online...more
Connecticut has made changes to its privacy law, including lower thresholds, exemptions updates, new categories of sensitive data, expanded consumer rights, and more....more
In the recent high-profile civil class action, Frasco v. Flo Health, a California federal court issued a significant ruling partially certifying a nationwide class and California subclass of individuals who used the Flo...more
On June 23, the California attorney general released a letter it sent to U.S. Senate leaders urging the removal of a provision in the federal budget reconciliation bill, HR 1 — the “One Big Beautiful Bill Act” — that would...more
New Jersey recently released draft privacy regulations, and there is a lot to unpack and process. In this three-part series, I will break down the regulations - Part 1: The New Personal data: • Scraping is carved...more
The New Jersey Division of Consumer Affairs has released proposed rules to implement the New Jersey Data Privacy Act (NJDPA). For covered businesses, these proposed rules demand close attention—not only for their substantive...more
A group of seven Democratic AGs, through the Consortium of Privacy Regulators, sent a letter to U.S. Senate leadership opposing a federal ban against state-level regulation of artificial intelligence (AI) systems....more
As privacy enforcement ramps up, effectively managing opt-out requirements under state privacy laws is a top risk mitigation measure. But complying with opt-outs is not just a matter of providing a consumer-facing opt-out...more
We are in an era where smartphones track sleep patterns, fitness apps monitor heart rates, and online searches reveal sensitive medical inquiries. As a result, the notion of “health data” has expanded dramatically. This...more
Next month ushers in two new US state comprehensive consumer privacy laws in Tennessee and Minnesota, which become effective on July 1 and July 31, respectively. While these laws track the current plethora of US state...more
Five new state privacy laws took effect in January 2025—Delaware (DPDPA), Iowa (ICDPA), Nebraska (NDPA), New Hampshire (NHPA), and New Jersey (NJDPA)—adding to the compliance maze for businesses operating across state lines....more