Privacy & Information Security Law Blog

On July 22, 2025, the European Commission announced the launch of the process to adopt new adequacy decisions for the UK following the European Commission’s assessment of the recently passed UK Data (Use and Access) Act 2025.

On July 14, 2025, the European Commission published guidelines on the protection of minors under the Digital Services Act aimed at safeguarding minors in the digital environment.

Texas recently enacted a law requiring electronic health records to be physically stored in the U.S., among other requirements.   

On June 20, 2025, the Texas governor signed into law S.B. 2121, which amends the Texas Data Broker Act’s definition of “data broker” and applicability thresholds.

On July 7, 2025, the Department of Health and Human Services’ Office for Civil Rights announced a HIPAA enforcement action against a behavioral health care provider for failure to comply with the HIPAA Security Rule, resulting in a $225,000 fine and a two-year corrective action plan.

The California Privacy Protection Agency Board will hold a board meeting on July 24, 2025, at 9:00 am PDT.

On July 10, 2025, the European Commission published the final version of the General-Purpose AI Code of Practice.  

On July 8, 2025, Connecticut Attorney General William Tong announced a settlement with TicketNetwork for alleged violations of the Connecticut Data Privacy Act.

On July 7, 2025, the UK Information Commissioner’s Office launched two new consultations related to its approach to enforcement under PECR with respect to online advertising and to certain proposed updates to its guidance on cookies following passage of the Data (Use and Access) Act 2025.

The New York legislature recently passed the Responsible AI Safety and Education Act, which regulates large developers of frontier AI models.  The bill awaits signature by the New York Governor.

On July 3, 2025, the European Data Protection Board issued the Helsinki Statement outlining new initiatives to make compliance with the GDPR easier and to strengthen consistency and boost cross-regulatory cooperation.

On July 1, 2025, the California Office of the Attorney General announced that the AG had reached a proposed settlement with Healthline Media LLC, the publisher of a website that provides medical and health-related information, over alleged violations of the California Consumer Privacy Act.

On June 27, 2025, the U.S. Supreme Court upheld, by in a 6-3 vote, H.B. 1181, a Texas law that requires certain commercial websites publishing sexually explicit content to verify that visitors are 18 years of age or older.

SolarWinds has reached an agreement in principle with the US Securities and Exchange Commission in the agency’s ongoing securities fraud lawsuit against the company and its former chief information security officer in connection with a series of cyberattacks against the company.