The UK’s antitrust and consumer agency—the Competition and Markets Authority (CMA)—has announced its first enforcement actions under the country’s new consumer protection regime. On November 18, 2025, the CMA opened eight investigations into various pricing practices, issued advisory letters to 100 businesses across 14 sectors, and published new price transparency guidance. The actions send a clear message: the CMA is ready to deploy its new, enhanced powers to tackle business practices that it believes are the most harmful to consumers.Continue Reading Price Check: The UK’s New Consumer Protection Push
The EU Omnibus Proposals Intend to Introduce More Flexibility in the GDPR, AI Act, and Other EU Digital Regulations
Posted in Cybersecurity, Privacy
On November 19, 2025, the EU Commission (Commission) published a set of legislative proposals to introduce more flexibility into a number of EU digital regulations, including:
- the Digital Omnibus, which amends a number of provisions of the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as well as the Data Act; and
- the AI Omnibus, which focuses on the AI Act (jointly, the Omnibus Proposals).
EdTech Provider Agrees to $5.1 Million Settlement with Three State Attorneys General over Student Data Breach
Posted in Cybersecurity
On November 6, 2025, the California, Connecticut, and New York Attorneys General (collectively, the “Attorneys General”) announced a settlement with Illuminate Education, Inc. to resolve allegations that the company violated state privacy laws following a student data breach. The settlement marks the first enforcement actions under the California K-12 Pupil Online Personal Information Protection Act (KOPIPA, formerly known as SOPIPA) and Connecticut’s Student Data Privacy Law, and also constitutes the second major enforcement action under New York Education Law § 2-d.Continue Reading EdTech Provider Agrees to $5.1 Million Settlement with Three State Attorneys General over Student Data Breach
What’s Happening at the FTC During the Government Shutdown?
Posted in Privacy
The federal government has been shut down for over a month. We previously reported on implications for the Federal Trade Commission’s (FTC) antitrust work here. What does the shutdown mean for the FTC’s consumer protection, privacy, safety, and AI work?Continue Reading What’s Happening at the FTC During the Government Shutdown?
California Enacts Nearly a Dozen Key Privacy and AI Bills into Law
By Edward Holman, Tracy Shapiro & Doo Lee on
Posted in Privacy
On October 13, 2025, California concluded a busy legislative term by enacting a slew of key privacy and AI-related bills, aimed at enhancing consumer protection and regulating emerging AI technology applications. These measures address a range of critical issues, including consumer opt-out signals, data broker transparency requirements, age assurance, minors’ safety, companion chatbots, and AI development. We summarize some of the most significant of these privacy and AI bills that were signed into law by California Governor Gavin Newsom, below.Continue Reading California Enacts Nearly a Dozen Key Privacy and AI Bills into Law
Connecting Competition and Privacy: EU Regulators Release Draft Guidance on DMA and GDPR Interplay
By Cédric Burton, Jindrich Kloub, Deirdre Carroll, Carol Evrard, Laurine Daïnesi Signoret & Claudia Chan on
Posted in Privacy
On October 9, 2025, the European Commission (EC) and the European Data Protection Board (EDPB) published Draft Guidance on the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR, and the Draft Guidance).Continue Reading Connecting Competition and Privacy: EU Regulators Release Draft Guidance on DMA and GDPR Interplay