Privacy & Cybersecurity Law Blog

On May 18, 2026, the UK Information Commissioner’s Office announced that it had provided advice to the UK government on possible changes to the Privacy and Electronic Communications Regulations in relation to online advertising

On May 11, 2026, the Texas Attorney General  announced a lawsuit against Netflix, Inc. under the Texas Deceptive Trade Practices Act, alleging that the company collected personal information, including that of children, based on misleading and deceptive disclosures and engaged in dark patterns by designing its platform to be addictive.

On May 8, 2026, the California Attorney General announced a record $12.75 million settlement with General Motors to resolve allegations that it illegally sold Californians’ location and driving behavior data without adequate notice or consent, in violation of the California Consumer Privacy Act and California’s Unfair Competition Law.

Illinois Department of Human Rights recently issued regulations governing the use of Artificial Intelligence (AI) in making employment decisions.

On April 30, 2026, the New York State Department of Financial Services announced a $2.25 million settlement with Delta Dental following a cybersecurity incident that led to violations of the agency’s Cybersecurity Regulation.

On April 28, 2026, Maryland Governor Wes Moore signed into law House Bill 895, the Protection From Predatory Pricing Act, which regulates certain personalized pricing practices used by grocery stores and grocery delivery services.

On April 29, 2026, the UK Information Commissioner’s Office published the final updated version of its guidance on storage and access technologies such as cookies, pixels and similar technologies.

The Centre for Information Policy Leadership at Hunton has published a report examining the extent to which the General Data Protection Regulation aligns with the newly updated Program Requirements of the Global Cross-Border Privacy Rules System.

The California Privacy Protection Agency (“CalPrivacy’) Board will hold its next public meeting over two days, Thursday, April 30, and Friday, May 1, 2026.

On April 22, 2026, the House Energy & Commerce Committee announced the introduction of and intention to advance the SECURE Data Act, to replace the patchwork of U.S. state consumer privacy laws with a single federal law.