Privacy & Cybersecurity Law Blog

On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU’s cybersecurity resilience and enhancing its capacity to manage evolving threats.

The U.S. Supreme Court will soon decide who qualifies as a “consumer” under the federal Video Privacy Protection Act, a 1988 law originally enacted to protect the privacy of individuals’ video rental and purchase records.

On January 26, 2026, the Brazilian data protection authority (“ANPD”) announced that Brazil and the European Union agreed to mutually recognize the adequacy of each other’s data protection networks.

On January 8, 2026, New York Attorney General Letitia James sent a letter to Instacart demanding more information about the grocery platform’s use of algorithmic pricing and price-setting experiments.

On January 21, 2026, the European Data Protection Board and the European Data Protection Supervisor issued a Joint Opinion in response to the European Commission’s Proposal for the Digital Omnibus on AI.

On January 15, 2026, the UK Information Commissioner’s Office published updated guidance on international transfers of personal data under the UK GDPR.

On January 20, 2026, the UK government announced a consultation aimed at strengthening children’s well-being in the digital age. The initiative seeks to address growing concerns over the impact of mobile phones and social media on young people.

The New York Office of the Attorney General recently reached a $500,000 settlement with a New York orthopedics practice for allegedly failing to protect patient and employee information in light of a 2023 data breach.

On January 28, 2026, the Federal Trade Commission will hold a public workshop on age verification technologies.

In January 2026, new and amended comprehensive U.S. state privacy laws, as well as U.S. state laws regulating social media platforms and artificial intelligence, went into effect.