Privacy & Cybersecurity Law Blog

As Oregon celebrated Data Privacy Day on January 28, Oregon Attorney General Dan Rayfield spotlighted a major advance in consumer data protection in the state: the Universal Opt-Out tool, now available to all Oregon residents under the Oregon Consumer Privacy Act.

On January 26, 2026, the Brazilian data protection authority (“ANPD”) announced that Brazil and the European Union agreed to mutually recognize the adequacy of each other’s data protection networks.

On January 8, 2026, New York Attorney General Letitia James sent a letter to Instacart demanding more information about the grocery platform’s use of algorithmic pricing and price-setting experiments.

On January 21, 2026, the European Data Protection Board and the European Data Protection Supervisor issued a Joint Opinion in response to the European Commission’s Proposal for the Digital Omnibus on AI.

On January 15, 2026, the UK Information Commissioner’s Office published updated guidance on international transfers of personal data under the UK GDPR.

On January 20, 2026, the UK government announced a consultation aimed at strengthening children’s well-being in the digital age. The initiative seeks to address growing concerns over the impact of mobile phones and social media on young people.

The New York Office of the Attorney General recently reached a $500,000 settlement with a New York orthopedics practice for allegedly failing to protect patient and employee information in light of a 2023 data breach.

On January 28, 2026, the Federal Trade Commission will hold a public workshop on age verification technologies.

In January 2026, new and amended comprehensive U.S. state privacy laws, as well as U.S. state laws regulating social media platforms and artificial intelligence, went into effect.

The Consumer and Governmental Affairs Bureau (“CBG”) has extended, to January 31, 2027, the effective date of the Federal Communications Commission’s (“FCC”) Telephone Consumer Protection Act (“TCPA”) “global revocation” rule.