On March 24, 2025, Virginia Governor Glenn Youngkin asked the Virginia state legislature to strengthen the protections provided in a bill passed by the legislature earlier this month that imposes significant restrictions on minors’ social media use.
On March 24, 2025, Virginia Governor Youngkin signed into law S.B. 754, amends the Virginia Consumer Protection Act (“VCPA”), to prohibit the collection, disclosure, sale or dissemination of consumers’ reproductive or sexual health data without consent.
On March 18, 2025, NetChoice filed a lawsuit seeking to enjoin a Louisiana law, the Secure Online Child Interaction and Age Limitation Act, from taking effect this July.
On March 25, 2025, Virginia Governor Glenn Youngkin vetoed the High-Risk Artificial Intelligence Developer and Deployer Act, which had been passed by the Virginia legislature. The Act would have imposed accountability and transparency requirements with respect to the development and deployment of “high-risk” AI systems.
On March 21, 2025, the Cyberspace Administration of China and the Ministry of Public Security jointly released the Security Management Measures for the Application of Facial Recognition Technology, which will become effective on June 1, 2025.
Hunton is pleased to host the first of its Technology Forum roadshows in Cleveland, Ohio, on May 14, 2025. Join us as we bring together industry professionals in privacy, technology and procurement for a half-day program to discuss the hottest topics facing businesses today.
On March 18, 2025, the European Commission proposed to adopt an extension of the two adequacy decisions with the UK for a period of six months.
On March 15, 2025, Kentucky Governor Andy Beshear signed into law a bill amending the Kentucky Consumer Data Protection Act to exempt from the law’s application certain data subject to HIPAA.
California Attorney General Rob Bonta recently announced a new enforcement sweep targeting the location data industry’s compliance with the CCPA.
On March 13, 2025, the U.S. District Court for the Northern District of California granted a second motion for preliminary injunction in favor of the technology trade group NetChoice.
On March 7, 2025, the California Privacy Protection Agency voted to authorize the agency to advance proposed data broker regulations concerning the Delete Request and Opt-Out Platform to formal rulemaking.
Earlier this month, the Centre for Information Policy Leadership at Hunton submitted a response to India’s Ministry of Electronics and Information Technology regarding the Draft Digital Personal Data Protection Rules 2025.
On March 11, 2025, the Virginia legislature passed a bill that would amend the Virginia Consumer Data Protection Act to impose significant restrictions on minor users’ use of social media.
On March 7, 2025, the New York Attorney General announced a $650,000 settlement with Saturn Technologies Inc., the developer of a student social networking app, for alleged privacy violations.
On March 12, 2025, the California Privacy Protection Agency announced that it reached a settlement with American Honda Motor Co. in which Honda will pay a $632,500 fine to resolve claims that the company violated the CCPA.
After six months of enforcement of Oregon’s Consumer Privacy Act, a new report from the Oregon Attorney General indicates strong consumer engagement with the law’s privacy rights, notable business compliance efforts and key areas where businesses are falling short.
On March 6, 2025, the U.S. Department of Health and Human Services Office for Civil Rights announced a $200,000 civil monetary penalty against Oregon Health & Science University for allegedly violating the HIPAA Privacy Rule’s right of access.
On February 27, 2027, in Chabolla v. ClassPass Inc., the U.S. Court of Appeals for the Ninth Circuit, in a split 2-1 decision, held that website users were not bound by the terms of a “sign-in wrap” agreement.
The Attorney General of Arkansas filed a lawsuit against General Motors and its subsidiary, OnStar, alleging deceptive trade practices related to the collection and sale of drivers’ data.
On March 10, 2025, the Attorney General of New York filed a lawsuit against several insurance companies doing business as Allstate Insurance Company and National General for alleged violations of New York’s breach notification law, general business laws and consumer protection laws.
On February 20, 2025, the U.S. District Court for the Northern District of Georgia granted a motion for class certification in a class action alleging that WebMD violated the federal Video Privacy Protection Act by disclosing certain user data to Facebook without the users’ consent.
On March 5, 2025, the European Data Protection Board announced the launch of its latest Coordinated Enforcement Framework action addressing the right to erasure.
Last month, SEC Commissioner Hester Peirce, chair of the Crypto Task Force, laid out a broad agenda for the SEC’s approach to cryptocurrency over the next four years.
On February 21, 2025, President Trump issued a National Security Memorandum on America First Investment Policy outlining the administration’s foreign direct investment policy, including initiatives for a regulatory fast track process, additional scrutiny for Chinese investors, key changes to reviews by the Committee on Foreign Investment in the United States including CFIUS’s use of national security agreements.
On February 20, 2025, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act.
On February 20, 2025, the UK Information Commissioner’s Office published its annual Tech Horizons Report, which explores four key technologies expected to play a significant role in society in upcoming years.
The California Privacy Protection Agency Board will hold Board meetings on March 6 at 2 PM PT and March 7 at 9 AM PT addressing the creation of a data broker deletion request mechanism, pursuant to the CA Delete Act.
The Cyberspace Administration of China recently released requirements regarding data protection compliance audits, which will go into effect on May 1, 2025.
The People’s Bank of China recently released the Draft Administrative Measures for Reporting of Cybersecurity Incidents in the Operational Areas of PBOC for public comment.
NetChoice has filed a lawsuit challenging Maryland’s Age-Appropriate Design Code Act on constitutional grounds, arguing that the law’s requirements, including requirements to perform data protection impact assessments, inhibit free speech.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- Age Appropriate Design Code
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Audit
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Behavioral Advertising
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cross-Border Data Transfer
- Cyber Attack
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Deceptive Trade Practices
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Department of Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DORA
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Electronic Protected Health Information
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- European Union
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- Financial Data
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Geolocation Data
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- HIPAA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Louisiana
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- North Korea
- Norway
- Obama Administration
- OCPA
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Online Behavioral Advertising
- Online Privacy
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Profiling
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Sensitive Data
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code