Privacy & Information Security Law Blog

On November 6, 2025, Connecticut Attorney General William Tong, along with California Attorney General Rob Bonta and New York Attorney General Letitia James, announced a significant settlement stemming from the enforcement of Connecticut’s Student Data Privacy Law.

On December 1, 2025, the UK Information Commissioner’s Office announced a new initiative to scrutinize privacy protections in mobile games frequently played by children in the UK.

Nishith Desai Associates reports that on November 13, 2025, India’s Ministry of Electronics and Information Technology enacted India’s Digital Personal Data Protection Rules, 2025, which operationalize India’s Digital Personal Data Protection Act, 2023.

On November 21, 2025, California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, a mobile gaming app company, for violations of the California Consumer Privacy Act’s opt-out of sale/sharing requirements.

California recently enacted California Assembly Bill 656, which requires social media platforms to make it easier and more straightforward for users to delete their social media accounts and personal information.

On November 20, 2025, the U.S. Securities and Exchange Commission issued a brief announcement that it filed a joint stipulation with defendants SolarWinds Corporation and its Chief Information Security Officer to dismiss, with prejudice, the SEC’s ongoing civil enforcement action against them.

On November 17, 2025, the Federal Trade Commission announced that Commissioner Melissa Holyoak has resigned her post, bringing the total number of vacant commissioner seats to three.

On November 19, 2025, the European Commission unveiled the much-anticipated digital omnibus legislative package (the “Digital Omnibus”), setting the stage for a new era of digital governance and regulatory simplification across the European Union. According to the Commission, this initiative is designed to enable European businesses to devote more energy to innovation and growth, rather than navigating complex compliance landscapes.

On November 17, 2025, the Council of the European Union adopted new rules designed to strengthen cooperation among national data protection authorities, enhancing the enforcement of the EU General Data Protection Regulation.

On November 12, 2025, the Centre for Information Policy Leadership at Hunton published a discussion paper titled “Comparing U.S. State Privacy Laws: Covered and Sensitive Data,” the latest in its discussion paper series comparing key elements of U.S. state privacy laws.