New enforcement sweep on cookie banners, conducted by Netherlands privacy regulator, shows both EU and US companies that the need to prioritize website tracking hygiene and transparency.
State AG’s Ramping Up Enforcement of Student Data Privacy with new Landmark Settlement
The Attorney’s General of Connecticut, California and New York reached a $5.1 million settlement with Illuminate Education, for failing to implement proper information security measures to protect data of students
Continue Reading State AG’s Ramping Up Enforcement of Student Data Privacy with new Landmark SettlementHIPAA, but for non-Covered Entities?
New bill, proposed by Bill Cassidy (R-LA), Chair of the Senate Health, Education, Labor and Pensions Committee (HELP), purports to apply the privacy and security practices under the HITECH Act
Continue Reading HIPAA, but for non-Covered Entities?Philippines Data Protection Authority: Biometric Data Is Not for Sale: Lessons for U.S. Privacy Law
“Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail context
A Bavarian court held that a store’s private security guard lawfully used a body-worn camera under Article 6(1)(f) GDPR to protect property, maintain order, and ensure staff safety, in a
Continue Reading “Smile, You’re on Camera”: Meets GDPR and U.S. Privacy Law in the retail contextThe Sensitive Data Bulk Transfer Rule: What You Need to Know
The U.S. Department of Justice’s Sensitive Data Bulk Transfer Rule is in effect. That includes, as of Oct. 6, 2025, the requirements on due diligence and compliance.
What does this
Continue Reading The Sensitive Data Bulk Transfer Rule: What You Need to KnowWhat the CPPA Has to Say About the Delete Act and the DROP
The California Privacy Protection Agency recently published materials in advance of its upcoming discussion of the Delete Act Regulations, which regulate the centralized data broker Delete Request and Opt-out Platform
Continue Reading What the CPPA Has to Say About the Delete Act and the DROPThe Vermont Age-Appropriate Design Code Act: What You Need to Know
Vermont recently adopted the Vermont Age-Appropriate Design Code Act, which goes into effect on January 1, 2027. The law is enforceable by the Vermont Attorney General as an unfair or
Continue Reading The Vermont Age-Appropriate Design Code Act: What You Need to KnowHawaii Issues Guidance to State Agencies on AI
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and
Continue Reading Hawaii Issues Guidance to State Agencies on AIValid Consent: General Public vs. Gamblers
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for
Continue Reading Valid Consent: General Public vs. Gamblers