Privacy & Information Security Law Blog

On May 8, 2025, the European Data Protection Board and the European Data Protection Supervisor adopted a joint letter addressed to the European Commission regarding the upcoming proposal to simplify record-keeping obligations under the EU General Data Protection Regulation.

As the UK Data (Use and Access) Bill reaches its final stages, the House of Commons and the House of Lords are still debating several key issues. This blog provides a summary of the outstanding issues.

On May 9, 2025, the California Privacy Protection Agency opened a formal public comment period for modifications to the text of proposed California Consumer Privacy Act regulations addressing cybersecurity audits, risk assessments, automated decisionmaking technology, insurance companies, and updates to existing CCPA regulations. The comment period will remain open until June 2, 2025.

On May 7, 2025, the Colorado legislature passed a bill that would amend the Colorado Privacy Act’s provisions regarding the processing of precise geolocation data if signed into law by Colorado Governor Jared Polis.

On May 9, 2025, Texas Attorney General Ken Paxton announced a $1.375 billion agreement in principle to settle cases it filed against Google in 2022 alleging that Google unlawfully collected, stored and used certain personal data of Texans without consent, including location information, biometric identifiers and web browsing activity.

On April 29, 2025, the Michigan Attorney General filed a lawsuit against Roku alleging violations of the Children’s Online Privacy Protection Act.

The Centre for Information Policy Leadership at Hunton is pleased to launch “CIPL In Focus”—a knowledge-sharing roundtable for in-depth discussions with senior-level professionals.

On May 9, 2025, the Texas House of Representatives passed Senate Bill 2420—the App Store Accountability Act—by a vote of 120 to 9. The bill, which previously cleared the state Senate in April by a vote of 30 to 1, now awaits concurrence from the Senate on House amendments before it can be sent to Governor Greg Abbott.

On May 6, 2025, the Missouri Attorney General Andrew Bailey announced a rule filed under the Missouri Merchandising Practices Act on social media platform content moderation.

On March 5, 2025, the European Data Protection Board published Opinion 06/2025 on the extension of the European Commission Implementing Decisions under the GDPR and the Law Enforcement Directive on the adequate protection of personal data in the United Kingdom.