Privacy & Information Security Law Blog

On June 11, 2025, the UK Data (Use and Access) Bill successfully navigated its final parliamentary hurdle and will soon become law.

On May 30, 2025, the Texas legislature passed the Texas Responsible Artificial Intelligence Act, which regulates the development and deployment of AI systems.

On May 30, 2025, the Texas Legislature passed S.B. 1343, which amends the Texas Data Broker Act to impose new notice and registration obligations on data brokers.

The U.S. Department of Health and Human Services Office for Civil Rights recently announced two settlements over alleged violations of the HIPAA Security Rule, against a covered entity and a business associate, respectively, specifically with respect to unauthorized access to ePHI and failure to properly secure ePHI.

On June 4, 2025, the European Data Protection Board published the final version of Guidelines 02/2024 on Article 48 of the GDPR regarding data transfers to third country authorities. In addition, during its June plenary meeting, the EDPB presented two new Support Pool of Experts projects to provide training materials on AI and data protection.

On May 27, 2025, and June 3, 2025, Oregon Governor Tina Kotek signed into law H.B. 3875 and H.B. 2008, each of which amends the Oregon Consumer Privacy Act.

On May 27, 2025, Texas Governor Greg Abbott signed the Texas App Store Accountability Act into law, which will require app stores to verify the age of users and comply with certain requirements and restrictions with respect to minor users under the age of 18. The Act takes effect on January 1, 2026.

On April 11, 2025, the North Dakota governor signed H.B. 1127, which establishes new data security measures and breach notification obligations for financial corporations.

On May 19, 2025, President Trump signed into law the Take It Down Act, which bans the nonconsensual online publication of sexually explicit images and videos that are both authentic and computer-generated, and includes notice and takedown obligations for covered online platforms.

On May 7, 2025, the European Commission published a Q&A addressing AI literacy obligations under the EU AI Act. The Q&A provides further detail on Article 4 of the EU AI Act, clarifying the measures that entities in scope are required to employ to ensure AI literacy.