Democratic State Senator Anna M. Caballero introduced Senate Bill 690 (S.B. 690), which aims to curb “abusive lawsuits” under the California Invasion of Privacy Act based on the use of cookies and other online technologies, on February 24, 2025, and the Bill is now scheduled to be heard by the Senate Public Safety Committee on April 29, 2025.
On April 22, 2025, Google announced that it will continue to offer third-party cookies in its Chrome browser and will not roll out a new standalone prompt for third-party cookie preferences.
On April 17, 2025, the Connecticut Office of the Attorney General issued a report highlighting key enforcement initiatives, complaint trends and legislative recommendations aimed at strengthening Connecticut’s privacy law.
The Department of Health and Human Services’ Office for Civil Rights recently announced two HIPAA enforcement actions involving failures to safeguard electronic protected health information in violation of the HIPAA Security Rule.
In April 2025, the European Commission published the AI Continent Action Plan, which aims to strengthen AI development and uptake in the EU, making the EU a global leader in AI.
On April 16, 2025, the U.S. District Court for the Southern District of Ohio Eastern Division issued a ruling permanently enjoining the Ohio Attorney General from enforcing the Parental Notification by Social Media Operators Act.
In April 2025, the Office of Management and Budget issued two revised policies on federal agencies’ use and procurement of artificial intelligence.
The California Privacy Protection Agency Board will hold a Board meeting on May 1, 2025, to address proposed CPPA regulations on automated decisionmaking, risk assessments, cybersecurity audits and insurance.
The Federal Trade Commission announced that it will host a workshop titled “The Attention Economy: How Big Tech Firms Exploit Children and Hurt Families” on June 4, 2025.
Davara Abogados S.C. reports that on March 20, 2025, the Mexican Congress approved a Federal Law on the Protection of Personal Data Held by Private Parties, replacing the previous 2010 federal data protection law.
On April 9, 2025, the Cyberspace Administration of China published a Q&A related to administrative policies on the security of cross-border transfers.
On April 11, 2025, California Attorney General Rob Bonta appealed the U.S. District Court for the Northern District of California’s decision blocking enforcement of California’s Age-Appropriate Design Code Act.
Last year, the Federal Communications Commission issued a rule amending a portion of the Telephone Consumer Protection Act.
On April 11, 2025, the U.S. Department of Justice issued a compliance guide, FAQs and an Implementation and Enforcement Policy to assist organizations to comply with the DOJ’s final rule implementing Executive Order 14117 (Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern). The guidance comes just days after certain of the final rule’s provisions became effective on April 8, 2025.
On April 10, 2025, the U.S. Senate confirmed Mark Meador as the newest Commissioner of the Federal Trade Commission. Meador was nominated on January 20, 2025, by President Donald J. Trump, and his term will expire on September 25, 2031.
The California Privacy Protection Agency recently released modified draft regulations in response to public feedback on its proposed updates to the California Consumer Privacy Act regulations.
On April 8, 2025, the Department of Justice’s Final Rule restricting the bulk transfer of sensitive U.S. personal and government data to certain countries and persons of concern went into effect.
The Centre for Information Policy Leadership at Hunton recently released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies in AI: Enabling Data Use and Operationalizing Privacy by Design and Default. CIPL is hosting a webinar on the key themes of the Paper on April 29, 2025.
On April 1, 2025, the UK government published the Cyber Security and Resilience Policy Statement, which details the UK government’s legislative proposals for the Cyber Security and Resilience Bill.
On March 24, 2025, the U.S. National Institute of Standards and Technology published a report titled “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.”
On March 27, 2025, the Information Commissioner's Office announced that it had issued a fine against Advanced Computer Software Group for £3.07 million for non-compliance with security rules identified through an investigation following a ransomware attack.
On March 28, 2025, the Cyberspace Administration of China issued draft amendments to the Cybersecurity Law for public comment.
On March 27, 2025, the Federal Trade Commission announced that it had reached a $17 million settlement with Cleo AI, Inc., an online cash advance company, over alleged deceptive representations regarding the company’s services and subscription cancellation process.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- Age Appropriate Design Code
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Audit
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Behavioral Advertising
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cross-Border Data Transfer
- Cyber Attack
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Deceptive Trade Practices
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Department of Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DORA
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Electronic Protected Health Information
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- European Union
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- Financial Data
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Geolocation Data
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- HIPAA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Louisiana
- Madrid Resolution
- Maine
- Malaysia
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- North Korea
- Norway
- Obama Administration
- OCPA
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Online Behavioral Advertising
- Online Privacy
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Profiling
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Sensitive Data
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code