Privacy & Information Security Law Blog

On April 22, 2025, Google announced that it will continue to offer third-party cookies in its Chrome browser and will not roll out a new standalone prompt for third-party cookie preferences. 

On April 17, 2025, the Connecticut Office of the Attorney General issued a report highlighting key enforcement initiatives, complaint trends and legislative recommendations aimed at strengthening Connecticut’s privacy law.

The Department of Health and Human Services’ Office for Civil Rights recently announced two HIPAA enforcement actions involving failures to safeguard electronic protected health information in violation of the HIPAA Security Rule.

In April 2025, the European Commission published the AI Continent Action Plan, which aims to strengthen AI development and uptake in the EU, making the EU a global leader in AI.

On April 16, 2025, the U.S. District Court for the Southern District of Ohio Eastern Division issued a ruling permanently enjoining the Ohio Attorney General from enforcing the Parental Notification by Social Media Operators Act.

In April 2025, the Office of Management and Budget issued two revised policies on federal agencies’ use and procurement of artificial intelligence.

The California Privacy Protection Agency Board will hold a Board meeting on May 1, 2025, to address proposed CPPA regulations on automated decisionmaking, risk assessments, cybersecurity audits and insurance.

The Federal Trade Commission announced that it will host a workshop titled “The Attention Economy: How Big Tech Firms Exploit Children and Hurt Families” on June 4, 2025.

Davara Abogados S.C. reports that on March 20, 2025, the Mexican Congress approved a Federal Law on the Protection of Personal Data Held by Private Parties, replacing the previous 2010 federal data protection law.

On April 9, 2025, the Cyberspace Administration of China published a Q&A related to administrative policies on the security of cross-border transfers.