Privacy & Information Security Law Blog

On November 20, 2025, the U.S. Securities and Exchange Commission issued a brief announcement that it filed a joint stipulation with defendants SolarWinds Corporation and its Chief Information Security Officer to dismiss, with prejudice, the SEC’s ongoing civil enforcement action against them.

On November 17, 2025, the Federal Trade Commission announced that Commissioner Melissa Holyoak has resigned her post, bringing the total number of vacant commissioner seats to three.

On November 19, 2025, the European Commission unveiled the much-anticipated digital omnibus legislative package (the “Digital Omnibus”), setting the stage for a new era of digital governance and regulatory simplification across the European Union. According to the Commission, this initiative is designed to enable European businesses to devote more energy to innovation and growth, rather than navigating complex compliance landscapes.

On November 17, 2025, the Council of the European Union adopted new rules designed to strengthen cooperation among national data protection authorities, enhancing the enforcement of the EU General Data Protection Regulation.

On November 12, 2025, the Centre for Information Policy Leadership at Hunton published a discussion paper titled “Comparing U.S. State Privacy Laws: Covered and Sensitive Data,” the latest in its discussion paper series comparing key elements of U.S. state privacy laws.

On November 12, 2025, the UK government introduced the draft Cyber Security and Resilience (Network and Information Systems) Bill to the UK Parliament.

On November 11, 2025, the European Data Protection Supervisor published new guidance for risk management of artificial intelligence systems.

On October 28, 2025, the Cyberspace Administration of China issued important amendments to the Chinese Cybersecurity Law, which will take effect on January 1, 2026.  

On October 13, 2025, California Governor Newsom signed into law Assembly Bill 56,  which requires social media platforms to display health warnings to users under 18 years old about the risks of social media use.

On November 4, 2025, the European Data Protection Board adopted its opinion on the European Commission’s draft decision regarding the adequacy of Brazil’s personal data protection framework. Once finalized, this decision will enable the free flow of personal data from the European Union to Brazil.