Privacy & Information Security Law Blog

The New York legislature recently passed the Responsible AI Safety and Education Act, which regulates large developers of frontier AI models.  The bill awaits signature by the New York Governor.

On July 3, 2025, the European Data Protection Board issued the Helsinki Statement outlining new initiatives to make compliance with the GDPR easier and to strengthen consistency and boost cross-regulatory cooperation.

On July 1, 2025, the California Office of the Attorney General announced that the AG had reached a proposed settlement with Healthline Media LLC, the publisher of a website that provides medical and health-related information, over alleged violations of the California Consumer Privacy Act.

On June 27, 2025, the U.S. Supreme Court upheld, by in a 6-3 vote, H.B. 1181, a Texas law that requires certain commercial websites publishing sexually explicit content to verify that visitors are 18 years of age or older.

SolarWinds has reached an agreement in principle with the US Securities and Exchange Commission in the agency’s ongoing securities fraud lawsuit against the company and its former chief information security officer in connection with a series of cyberattacks against the company.

Maria Ibanez, Director of Innovation and Technology at PPU Legal, provides an overview of significant updates to Chile's cybersecurity law, highlighting its application to “essential service providers” in the electricity and banking sectors and imposing stricter obligations on “operators of vital importance”. This law introduces penalties for infractions, based on their severity, and establishes the National Cybersecurity Agency.

On June 27, 2025, the Cyberspace Administration of China released the third version of the Guidance on the Application for Security Assessment of Cross-border Data Transfers.

On June 16, the Federal Trade Commission provided guidance on the updated Safeguards Rule and its application to motor vehicle dealers by releasing a series of Frequently Asked Questions.

On June 18, 2025, the U.S. District Court for the Northern District of Texas vacated the HIPAA Privacy Rule to Support Reproductive Health Care Privacy issued by the U.S. Department of Health and Human Services under the Biden Administration.

On June 19, 2025, the UK Data (Use and Access) Act 2025 received Royal Assent. The same day, the UK Information Commissioner’s Office published a comprehensive suite of resources on the Act.