On September 3, 2025, the EU General Court (the General Court) (the second-highest court in the European Union (EU)) upheld the validity of EU-U.S. Data Privacy Framework (DPF) in Philippe Latombe v European Commission (T-553/23).
Continue Reading EU Court Upholds the Validity of the EU-U.S. Data Privacy Framework
In May 2025, New York State Governor Hochul signed Part X of New York’s annual budget, titled, “Personalized Pricing Transparency and Anti-Discrimination.” Part X, which took effect on July 8, 2025, sets disclosure requirements for the use of algorithmic pricing and prohibits the use of certain consumer data to set prices.Continue Reading New York Requires Disclosures for Personalized Pricing
On February 2, 2025, the European Union’s (EU) Artificial Intelligence Act (AI Act) will start to apply in phases. This alert summarizes the new obligations that will apply as of February 2, 2025. It also indicates when companies can expect the first enforcement actions, and what the enforcement regime will look like. For more information about the scope and requirements of the AI Act, please see our 10 Things You Should Know About the EU AI Act.Continue Reading The EU’s AI Act Starts to Apply as of February 2, 2025
On December 10, 2024, President-elect Trump named FTC Commissioner Andrew Ferguson as next Chairman of the Federal Trade Commission (FTC), replacing Chair Lina Khan on January 20, 2025. As a Senate-approved sitting Commissioner, he will not need Senate approval to assume the role of Chairman. President-elect Trump also named Mark Meador as a Commissioner to fill the slot currently occupied by Chair Khan. Meador is a former staff member for Senator Mike Lee (R-UT). He has experience serving at the FTC, having spent five years at the beginning of his career working on antitrust cases at the agency.Continue Reading Shaping Consumer Protection: What to Expect from Incoming Chairman Ferguson’s FTC
On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) announced its highly anticipated and controversial proposed rule that primarily aims to bring data brokers within the scope of the Fair Credit Reporting Act (FCRA). Data brokers have long argued that they do not furnish “consumer reports,” and thus do not constitute “consumer reporting agencies” subject to the FCRA’s obligations. The CFPB catalogues the harms that have resulted from such a stance; namely, risks to national security, financial well-being, and personal safety when data brokers sell information to countries of concern, scammers, or stalkers. The proposed rule seeks to cover data brokers by clarifying key provisions within the definition of “consumer report.” The proposed rule also aims to shore up consumer protections under the FCRA by interpreting the definition of “consumer reporting agency” more broadly and permissible purposes for furnishing consumer reports more narrowly, such as consumer consent and legitimate business needs. The CFPB seeks public comment on the proposed rule, which must be received on or before March 3, 2025.Continue Reading CFPB Issues Proposed Rule to Cover Data Brokers Under the Fair Credit Reporting Act
On November 8, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated decision-making technology (e.g., artificial intelligence (AI)), privacy risk assessments, and a wide assortment of other updates to existing CCPA regulations; data broker registration regulations; and the development of the Delete Request and Opt-Out Platform (DROP) required by the Delete Act. The CPPA Board also voted to approve settlements with two data brokers for allegedly failing to register and pay an annual fee as required by the Delete Act.Continue Reading California’s Privacy Regulatory Odyssey Continues: Formal CCPA Rulemaking on the Horizon Amidst Expanded Data Broker Requirements
In recent months, politicians and regulators across a number of jurisdictions have called on operators of online platforms to take seriously their legal obligations to promote a safe online environment. The safety of children online has continued to dominate this conversation, with a recent joint UK-U.S. statement (Statement) declaring that online platforms should “go further and faster in their efforts to protect children.”
This alert sets out the regulatory focus areas of the European Commission (EC), the Irish Coimisiún na Meán (CNAM), and the UK’s online safety regulator Ofcom.Continue Reading Regulators in Europe Signal Increased Scrutiny of Online Platforms