On November 6, 2025, the CaliforniaConnecticut, and New York Attorneys General (collectively, the “Attorneys General”) announced a settlement with Illuminate Education, Inc. to resolve allegations that the company violated state privacy laws following a student data breach. The settlement marks the first enforcement actions under the California K-12 Pupil Online Personal Information Protection Act (KOPIPA, formerly known as SOPIPA) and Connecticut’s Student Data Privacy Law, and also constitutes the second major enforcement action under New York Education Law § 2-d.Continue Reading EdTech Provider Agrees to $5.1 Million Settlement with Three State Attorneys General over Student Data Breach

On October 13, 2025, California concluded a busy legislative term by enacting a slew of key privacy and AI-related bills, aimed at enhancing consumer protection and regulating emerging AI technology applications. These measures address a range of critical issues, including consumer opt-out signals, data broker transparency requirements, age assurance, minors’ safety, companion chatbots, and AI development. We summarize some of the most significant of these privacy and AI bills that were signed into law by California Governor Gavin Newsom, below.Continue Reading California Enacts Nearly a Dozen Key Privacy and AI Bills into Law

On October 9, 2025, the European Commission (EC) and the European Data Protection Board (EDPB) published Draft Guidance on the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR, and the Draft Guidance).Continue Reading Connecting Competition and Privacy: EU Regulators Release Draft Guidance on DMA and GDPR Interplay

Introduction

Artificial intelligence (AI) is increasingly being used in mental healthcare for functions such as clinical decision support, notetaking and transcription, symptom screening and triage, administrative and operational improvements, augmenting the provider-patient relationship, post-visit remote monitoring, and companionship.Continue Reading Legal Framework for AI in Mental Healthcare

On September 29, 2025, California Governor Gavin Newsom signed into law Senate Bill 53, the Transparency in Frontier AI Act (TFAIA), the first-of-its-kind AI legislation in the U.S. that will require large AI developers to publicly disclose how they plan to mitigate potentially “catastrophic risks” posed by advanced frontier AI models. The law builds on recommendations from the June 2025 report from the Joint California AI Policy Working Group and is a pared-back successor to last year’s unsuccessful Senate Bill 1047, which was vetoed amidst industry opposition. Most provisions of SB 53 will be effective starting January 1, 2026.Continue Reading California Enacts Major AI Safety Legislation for Frontier AI Developers

On September 12, 2025, the European Data Protection Board (EDPB) adopted guidelines (Guidelines) on the interplay between the EU Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The Guidelines seek to clarify the data protection issues that regulated online services should take into account when seeking to comply with their obligations under the GDPR.Continue Reading EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR