Privacy & Information Security Law Blog

The Federal Trade Commission announced that Citizens Disability and its subsidiary CD Media agreed to pay $1 million to resolve allegations that the companies violated Section 5 of the FTC Act and the Telemarketing Sales Rule in connection with tens of millions of telemarketing calls.

On October 8, 2025, California Governor Newsom signed into law the Opt Me Out Act, which amends the CCPA to require web browsers to provide California consumers with the ability to send a single opt-out preference signal to all businesses with which the consumer interacts through the browser.

On September 26, 2025, California Governor Newsom signed into law Assembly Bill 45, which amends existing California law to strengthen privacy protections for health and location data of individuals seeking health care services, including reproductive health care.

The U.S. Department of Health and Human Services’ Office for Civil Rights and the Assistant Secretary for Technology Policy have released a new version of their Security Risk Assessment Tool, along with an updated SRA Tool User Guide.

On September 29, 2025, California Governor Newsom signed into law the Transparency in Frontier Artificial Intelligence Act. The Act sets new transparency and safety requirements, and whistleblower protections, for companies developing “frontier” artificial intelligence models.

On September 26, 2025, following a public comment period, the California Privacy Protection Agency adopted its regulations concerning the Delete Request and Opt-Out Platform.

Tractor Supply Company, the largest rural lifestyle retailer in the country, recently agreed to pay $1.35 million fine to the California Privacy Protection Agency for CCPA violations.

On September 26, 2025, the European Commission initiated a public consultation on draft guidance and a draft reporting template for serious AI incidents under the EU AI Act.

Last month, the Cyberspace Administration of China issued the draft Measures for the Identification of Online Platform Service Providers with a Substantial Number of Minor Users and Significant Influence on Minors.

Google recently resolved two cases—one by verdict and one by settlement—involving allegations regarding the control that Google promised to give users over Google’s use of their data.