As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on this year. Below are the top U.S. data, privacy, and cybersecurity issues to watch out for in 2026:Continue Reading 2026 Year in Preview: U.S. Data, Privacy, and Cybersecurity Prediction
In 2025, lawmakers and enforcement agencies around the globe have kept one issue firmly in the spotlight: the privacy and safety of minors online. This heightened focus shows no sign of abating, with early indications that companies should expect to see more legislative and regulatory initiatives in the year ahead.
In this post, we identify some of the key developments over the last 12 months and outline our predictions about what the next year may bring.Continue Reading 2026 Year in Preview: Global Minors’ Privacy and Online Safety Predictions
On July 14, 2025, the European Commission (EC) published its guidelines (the Guidelines) on the protection of minors online. These Guidelines, which were initially released for consultation in May 2025, provide direction for online platforms on the steps they can take to comply with their duties to protect the privacy, safety, and security of minors under the EU’s Digital Services Act (DSA). They focus on assessing and mitigating platform risks, the appropriate use of age assurance, and measures that should be taken to protect minors from manipulative commercial practices.Continue Reading European Commission Publishes DSA Guidelines on the Protection of Minors Online
Companies that may have child users, or whose competitors have child users, take note. On January 16, 2025, the Federal Trade Commission (FTC) announced the final amendments to the Children’s Online Privacy Protection Rule (COPPA Rule). At a high level, the COPPA Rule requires websites or online services to provide notice and obtain verifiable parental consent before collecting information from children under the age of 13. The Rule’s amendments slightly expand the Rule’s scope, change the previous notice and consent provisions, and implement new data security requirements. Violations of the Rule would be subject to $53,088 in civil penalties per violation.Continue Reading New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services
On September 13, 2024, the Colorado Attorney General’s office (the Colorado Department of Law) proposed draft amendments (draft regulations) to its Colorado Privacy Act (CPA) regulations, which took effect
Continue Reading Colorado Department of Law Proposes Amendments to the Colorado Privacy Act Regulations Regarding Biometric and Minors’ Data
On March 25, 2024, Governor Ron DeSantis signed Florida’s HB 3. The law requires that social media platforms prohibit users under 14 years old from creating accounts and requires these platforms to obtain parental consent for account registrants who are 14 or 15 years old. The law also imposes age verification requirements for online services that knowingly distribute a significant amount of “harmful” content.Continue Reading State Social Media Law Patchwork Emerging: Florida Passes Law to Restrict Minors’ Use of Online Services
On August 12, 2019, the Greek Ministry of Justice published the long-awaited, draft legislation for implementing the General Data Protection Regulation (GDPR). Greece and Slovenia are the only two European Union (EU) countries that have not yet implemented the GDPR.
As an EU regulation, the GDPR has legally taken effect in every EU country, including Greece. In fact, the Greek Supervisory Authority recently imposed a 150,000EUR fine on a company for GDPR violations. However, the GDPR allows EU countries to adopt certain derogations, specifications, and exceptions through their implementing legislation. The draft, inter alia, does this through the following provisions:
The draft requires that a minor over 15 years old (and up to 18 years old) must consent to the processing of his/her personal data for the processing to be lawful. When a minor is under 15 years old, the minor’s legal guardian must consent.Continue Reading Greece Publishes Draft Legislation for Implementing GDPR