Privacy & Information Security Law Blog

On January 15, 2025, the Federal Trade Commission announced a proposed order against web hosting company GoDaddy for unfair or deceptive acts or practices in violation of Section 5 of the FTC Act, and issued guidance for customers of web hosting services on security practices in light of the settlement.

On January 14, 2025, the UK government opened a consultation seeking views on three proposals aimed at reducing the threat of ransomware attacks.

On January 16, 2025, French Data Protection Authority unveiled its strategic plan for 2025-2028, highlighting its priorities for the coming years.

On January 21, 2025, the Council of the EU adopted the European Health Data Space Regulation.

Earlier this month, the U.S. Consumer Financial Protection Bureau invited public comment on strengthening privacy protections for, and a proposed interpretive rule extending financial consumer protections to, emerging payment mechanisms.

Last week President Biden issued Executive Order 14144, titled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” which aims to strengthen software supply chain security, impose more stringent cybersecurity requirements on federal contractors, combat cybercrime, and encourage the development of identity verification technologies.

On January 3, 2025, the Cyberspace Administration of China issued the draft Measures for Personal Information Protection Certification for Cross-Border Transfers of Personal Information (“Draft Measures”) for public consultation.  The Draft Measures will make available a certification which can be used as a mechanism for lawfully transferring personal information outside of China.

On January 13, 2025, Texas Attorney General Ken Paxton announced lawsuits against Allstate and its subsidiary, Arity (together, “Allstate”), for the unlawful collection, use and sale of precise geolocation data collected through Allstate’s mobile apps, in violation of Texas’s comprehensive data privacy law. The AG’s office alleges that Allstate then used this covertly obtained data to justify raising insurance rates.

On January 13, 2025, California Attorney General Rob Bonta issued two legal advisories on the use of AI, including in the healthcare context. The first legal advisory (“AI Advisory”) advises consumers and entities about their rights and obligations under the state’s consumer protection, civil rights, competition, and data privacy laws with respect to the use of AI, while the second (“Healthcare AI Advisory”) provides guidance specific to healthcare entities about their obligations under California law regarding the use of AI.

On January 9, 2025, the Court of Justice of the European Union issued its judgment in the case Österreichische Datenschutzbehörde.