Privacy & Cybersecurity Law Blog

The Federal Trade Commission has issued a new Policy Statement encouraging the adoption of robust age‑verification technologies by pledging not to bring enforcement actions under the COPPA Rule against operators of general‑ or mixed‑audience sites that collect, use or disclose personal information solely to determine users’ ages, so long as long as they follow strict safeguards.

On February 24, 2026, the UK ICO announced that it had fined Reddit, Inc. £14.47 million following an investigation into the company’s handling of children’s personal information.

On February 19, 2026, the Organisation for Economic Co-operation and Development published new guidance on the implementation of its Guidelines for Multinational Enterprises and AI Principles.

On February 23, 2026, a Joint Statement on AI-Generated Imagery was published by 61 data protection authorities. The Joint Statement addresses concerns regarding AI systems capable of generating realistic images and videos depicting identifiable individuals without their knowledge or consent.

On February 18, 2026, Virginia Attorney General Jay Jones announced that his office intends to fully enforce new provisions of the Virginia Consumer Data Protection Act restricting minors’ use of social media.

On February 9, 2026, trade association NetChoice filed a lawsuit challenging South Carolina’s newly passed Age-Appropriate Code Design (“SC AACD”) on First and Fourteenth Amendment grounds. The SC AACD was signed into law on February 5, 2026, making South Carolina the fifth U.S. state to enact such a law, following California, Maryland, Nebraska and Vermont.

On February 5, 2026, Connecticut Attorney General William Tong and Senator James Maroney announced that the state’s lawmakers will soon consider new measures aimed at protecting children and teenagers from potential risks associated with artificial intelligence technologies

On February 6, 2026, the Federal Trade Commission announced its second report to Congress on its efforts to combat ransomware and other cyber attacks.

On Friday, February 27, 2026, the California Privacy Protection Agency will hold a public meeting at 9:00 am PST in-person and online to discuss upcoming rulemaking activities.

A recent federal court ruling held that AI-generated documents prepared by a defendant and later shared with legal counsel were not protected by attorney-client privilege or the work product doctrine.