Uncategorized

Subscribe to Uncategorized via RSS

On December 2, 2025, the Court of Justice of the EU (CJEU) in X v Russmedia Digital SRL (C-492/23), ruled that the operator of an online marketplace, as a data controller, is responsible for the processing of personal data contained in advertisements published on its platform, and cannot rely on the hosting liability safe harbor to avoid responsibility for General Data Protection Regulation (GDPR) infringements arising from unlawful processing.Continue Reading CJEU Rules on Online Marketplaces’ Liability for User Content Under the GDPR

On July 10, 2025, the European Commission (EC) published the final version of the General-Purpose AI Code of Practice (Code). This voluntary instrument provides guidance on how providers of general-purpose AI models (GPAI), including those posing systemic risks (GPAI-SR), can comply with their obligations under the AI Act, which become applicable on August 2, 2025. The Code is structured around three key areas: transparency, copyright, and safety and security. Adherence to the Code is voluntary, but providers who decide not to comply with it may face heightened scrutiny from regulators, as they will be expected to demonstrate AI Act compliance through alternative means.Continue Reading EU Releases Final Code of Practice for General-Purpose AI Models

On December 2, 2024, the Federal Trade Commission (FTC) announced it had filed a complaint against GOAT, an online retailer of sneakers, apparel, and accessories. In the complaint, the FTC alleged, among other things, that GOAT failed to honor its “Buyer Protection” policy for consumers who received deficient products. The FTC also alleged that GOAT failed to offer consumers whose products were delayed beyond the promised delivery period a clear and conspicuous way to consent to the delay or cancel the order in exchange for a refund. Furthermore, the FTC alleged that consumers were forced to repeatedly contact customer service for relief, and often received inadequate refunds.Continue Reading FTC Files Consumer Protection Complaint Against GOAT

On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) announced its long-awaited proposed rule regulating “Personal Financial Data Rights” (the proposed rule). The proposed rule implements Section 1033 of the Dodd-Frank Act, which provides consumers the right to access and port their financial information between banks and other financial entities. CFPB Director Rohit Chopra stated that the proposal would accelerate the shift towards open banking and jumpstart competition in the U.S. financial service sector by giving consumers “the power to walk away from bad service” and switch providers.Continue Reading CFPB Announces Proposed Rules to Accelerate Open Banking

On March 15, 2023, the Colorado Attorney General’s (Colorado AG) office released the final version of the Colorado Privacy Act (ColoPA) rules (the final rules), which are based on public comments on the third version

Continue Reading Colorado AG’s Office Announces Final Colorado Privacy Act Rules: Key Takeaways

On March 15, 2023, the European Data Protection Board (EDPB) announced a coordinated action on the role of the data protection officers (DPOs). The data protection authorities (DPAs) will ask DPOs a series of questions

Continue Reading EU Privacy Regulators Coordinate to Assess Compliance with the GDPR Rules on Data Protection Officers