Privacy & Information Security Law Blog

On May 7, 2025, the Colorado legislature passed a bill that would amend the Colorado Privacy Act’s provisions regarding the processing of precise geolocation data if signed into law by Colorado Governor Jared Polis.

On May 9, 2025, Texas Attorney General Ken Paxton announced a $1.375 billion agreement in principle to settle cases it filed against Google in 2022 alleging that Google unlawfully collected, stored and used certain personal data of Texans without consent, including location information, biometric identifiers and web browsing activity.

On April 29, 2025, the Michigan Attorney General filed a lawsuit against Roku alleging violations of the Children’s Online Privacy Protection Act.

The Centre for Information Policy Leadership at Hunton is pleased to launch “CIPL In Focus”—a knowledge-sharing roundtable for in-depth discussions with senior-level professionals.

On May 9, 2025, the Texas House of Representatives passed Senate Bill 2420—the App Store Accountability Act—by a vote of 120 to 9. The bill, which previously cleared the state Senate in April by a vote of 30 to 1, now awaits concurrence from the Senate on House amendments before it can be sent to Governor Greg Abbott.

On May 6, 2025, the Missouri Attorney General Andrew Bailey announced a rule filed under the Missouri Merchandising Practices Act on social media platform content moderation.

On March 5, 2025, the European Data Protection Board published Opinion 06/2025 on the extension of the European Commission Implementing Decisions under the GDPR and the Law Enforcement Directive on the adequate protection of personal data in the United Kingdom.

Since the beginning of 2025, the Cyberspace Administration Authority has continued to strengthen the protection of minors on the Internet.

On May 6, 2025, the California Privacy Protection Agency announced that it had issued an order requiring clothing retailer Todd Snyder, Inc. to change its business practices and pay a $345,178 fine to resolve alleged violations of the California Consumer Privacy Act.

In April 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a HIPAA enforcement settlement with Comprehensive Neurology, PC, a New York-based neurology practice, in connection with a ransomware incident that compromised the electronic protected health information of approximately 6,800 individuals.