Privacy & Information Security Law Blog

On August 13, 2025, the UK ICO published guidance on how data protection principles apply to live facial recognition technology when used by law enforcement.

The California Privacy Protection Agency recently announced that it had ordered Washington-based data broker, Accurate Append, Inc., to pay a $55,400 fine and the CPPA’s attorneys’ fees and costs, in addition to injunctive relief, for failure to register as a data broker with the CPPA and pay an annual fee, as required by California’s Delete Act.

The Kentucky Attorney General recently filed a lawsuit against Temu, an online shopping platform, alleging that Temu violates the privacy of Kentucky residents.

On August 2, 2025, the AI Act’s rules on general-purpose AI models became applicable.

New York recently passed legislation regulating the use of algorithmic pricing using personal data and the operation of AI companions.

The Centre for Information Policy Leadership at Hunton recently filed responses to consultations from Colorado, Canada, and Australia, each of which addressed issues of children’s privacy and safety.

Connecticut enacted SB 1295 in June, which added another round of amendments to the Connecticut Data Privacy Act. While most of the changes will take effect on July 1, 2026, impact assessment requirements will apply to processing activities created or generated on or after August 1, 2026.

On July 30, 2025, the UK Information Commissioner’s Office launched a consultation seeking feedback on draft guidance concerning the use of profiling tools for online safety.

Salesforce recently modified its Slack API Terms of Service to prohibit the bulk exporting or copying of Slack data, or the use of Slack data in connection with LLMs, potentially posing significant changes to the way organizations may use Slack.  

On July 25, 2025, the UK government published guidance outlining the key stages for bringing the provisions of the UK Data (Use and Access) Act into effect.