Privacy & Information Security Law Blog

A bill making its way through the California legislature (S.B. 361) would amend the California Delete Act to require data brokers to provide significantly more information in their registration applications with the California Privacy Protection Agency.

On September 3, 2025, the EU’s General Court issued its judgment in the Latombe v. Commission case. The applicant, a member of the French National Assembly, sought the annulment of the adequacy decision adopted by the European Commission with respect to the EU-U.S. Data Privacy Framework.

The Colorado Department of Law recently issued a Notice of Proposed Rulemaking with proposed draft amendments to the Colorado Privacy Act rules.

A recent decision by the U.S. Couple of Appeals for the Sixth Circuit granting the IRS access to certain EU personal data has created potential legal compliance implications for multinational organizations subject to the EU GDPR.

On August 27, 2025, the Federal Trade Commission announced that fees for telemarketers to access phone numbers listed on the National Do Not Call Registry will increase effective October 1, 2025.

On August 28, 2025, the UK Information Commissioner’s Office initiated a public consultation on draft guidance on Distributed Ledger Technologies, focusing on blockchain.