Privacy

Subscribe to Privacy via RSS

On September 29, 2025, California Governor Gavin Newsom signed into law Senate Bill 53, the Transparency in Frontier AI Act (TFAIA), the first-of-its-kind AI legislation in the U.S. that will require large AI developers to publicly disclose how they plan to mitigate potentially “catastrophic risks” posed by advanced frontier AI models. The law builds on recommendations from the June 2025 report from the Joint California AI Policy Working Group and is a pared-back successor to last year’s unsuccessful Senate Bill 1047, which was vetoed amidst industry opposition. Most provisions of SB 53 will be effective starting January 1, 2026.Continue Reading California Enacts Major AI Safety Legislation for Frontier AI Developers

On September 12, 2025, the European Data Protection Board (EDPB) adopted guidelines (Guidelines) on the interplay between the EU Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). The Guidelines seek to clarify the data protection issues that regulated online services should take into account when seeking to comply with their obligations under the GDPR.Continue Reading EDPB Issues First Guidelines on the Interplay Between the Digital Services Act and the GDPR

Effective September 12, 2025, the EU Data Act introduced new rules on access to and sharing of data from certain products and services in business-to-consumer (B2C), business-to-business (B2B), and business-to-government (B2G) contexts. This alert highlights the key obligations. The EU Data Act applies to any business offering products or services in the EU, regardless of its location.Continue Reading EU Data Act Enters into Force

On September 9, 2025, the attorneys general of California, Colorado, and Connecticut and the California Privacy Protection Agency (CPPA) announced a joint investigative sweep of potential failures by businesses to honor consumers’ rights to opt

Continue Reading State AGs Unveil Investigation Sweep Targeting Businesses Ignoring Consumer Opt-Out Signals

On August 11, 2025, the U.S. District Court for the Northern District of California denied a motion to dismiss a California Invasion of Privacy Act (CIPA) class action lawsuit filed against ConverseNow Technologies, Inc. ConverseNow

Continue Reading U.S. Federal Court Allows CIPA Class Action Against AI Customer Service Provider to Proceed

On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission (T-553/23).

Continue Reading EU Court Upholds the Validity of the EU-U.S. Data Privacy Framework