On April 15, 2026, the UK Competition and Markets Authority (CMA) issued a Final Infringement Notice to two major UK driving-school businesses owned by British motoring association, the AA. The notice—which was issued following a settlement with the AA—marks the CMA’s first direct enforcement action for a substantive breach of consumer law under the UK’s new enforcement regime. The investigation, opened in November 2025, concluded swiftly. The CMA ordered the AA to refund more than £760,000 (approximately $1 million) to its customers and pay a fine of £4.2 million (approximately $5.7 million) for “drip” pricing practices, representing the first use of the CMA’s new powers to impose direct fines and order consumer redress for breaches of UK consumer law.

Continue Reading CMA Drives On with New Consumer Protection Powers: CMA Secures Consumer Refunds and Issues Fines over Drip Pricing

Key Takeaways

  • The newly announced “Cyber Strategy for America” (Cyber Strategy) marks an expansion and tonal shift from the previous National Cybersecurity Strategy, emphasizing a proactive stance against foreign adversaries and cybercrime through offensive operations and enhanced collaboration with the private sector.
  • While the Cyber Strategy does not impose direct obligations on businesses, it signals an increasing market of government contracts for commercial cybersecurity firms, including via the recent appropriation of $1 billion from the One Big Beautiful Bill.
  • The administration aims to simplify cyber regulations, potentially impacting compliance frameworks.
Continue Reading President Trump Issues a “Cyber Strategy for America” and an Executive Order on Combating Cyber-Enabled Crime

On February 25, 2026, the Federal Trade Commission (FTC) issued an enforcement statement to promote the use of age verification technologies on the heels of its January 28 workshop on the topic. The workshop explored issues related to age verification and how these innovative tools could be used in furtherance of child safety without creating liability under the Children’s Online Privacy Protection Act (COPPA) and its implementing rule (the COPPA Rule).

Continue Reading FTC Promotes Age Verification in Children’s Privacy Enforcement Statement

On February 10, 2026, the Court of Justice of the European Union (CJEU) confirmed in a landmark judgment that companies can seek annulment of European Data Protection Board (EDPB) binding decisions before the adoption of

Continue Reading Court of Justice of the European Union Confirms Judicial Review of EDPB Binding Decisions

On February 13, 2026, the UK Competition and Markets Authority (CMA) announced its (December 2025) decision to fine Euro Car Parks £473,000 (approximately $645,000) for failing to respond to an information notice issued under the Digital Markets Competition and Consumers Act (DMCCA).

Continue Reading Stay Within the Lines: UK CMA Fines Parking Company for Noncompliance with Information Notice on Consumer Protection

On February 5, 2026, South Carolina Governor Henry McMaster signed H. 3431, Age-Appropriate Code Design (SC AACD) into law, becoming the fifth state to enact an age-appropriate design code law after California, Maryland, Nebraska, and Vermont.1 The law, which went into immediate effect upon the governor’s signature, adds to the steadily increasing patchwork of teens’ and children’s online safety legislation in the U.S. Notably, covered online services are liable for treble damages incurred as result of a violation of the statute. Further, officers and employees may be held personally liable for “wil[l]ful and wanton” violations of the SC AACD. The law is already facing a legal challenge by a trade association.

Continue Reading South Carolina Becomes Fifth State to Enact Age-Appropriate Design Code Law

On February 5, 2026, key reforms to the UK’s data protection regime came into force, effectuating a departure from certain aspects of the EU regime and underscoring an emerging divergence between the UK and EU frameworks. These changes introduce new flexibility in areas such as cookie consent, automated decision-making (ADM) and processing of data for scientific research purposes, while raising the bar for compliance in areas such as the handling of data relating to minors.

Continue Reading Reforms to UK Data Protection and Privacy Laws Come into Force