privacy

Subscribe to privacy via RSS

On June 18, 2025, the United States District Court for the Northern District of Texas vacated most of the rules designed to enhance reproductive healthcare privacy promulgated by the U.S. Department of Health and Human Services (HHS) in 2024. More specifically, the court ruled in Purl v. United States Department of Health and Human Services et al, No. 2:2024cv00228 (N.D. Tex. 2025) (the Decision) that the “Health Insurance Portability and Accountability Act Privacy Rule to Support Reproductive Health Care Privacy” (the “2024 HIPAA Rule”) is contrary to law because it unlawfully limits state public health laws; impermissibly redefines certain terms in contravention of federal law and in excess of statutory authority; and exceeds HHS’s authority. Regulations promulgated under HIPAA prior to the 2024 HIPAA Rule remain unchanged.Continue Reading Texas District Court Vacates 2024 HIPAA Rule Designed to Enhance Reproductive Healthcare Privacy, Effective Nationwide

On March 25, 2025, Utah Governor Spencer Cox signed HB 452, which establishes new rules for the use of artificial intelligence (AI) mental health chatbots accessible to any “Utah user,” defined as, “an individual located in the state at the time the individual accesses or uses a mental health chatbot.” Digital health companies and AI chatbot providers should take note of this new law to ensure compliance with its requirements.Continue Reading Utah Enacts Mental Health Chatbot Law

Companies that may have child users, or whose competitors have child users, take note. On January 16, 2025, the Federal Trade Commission (FTC) announced the final amendments to the Children’s Online Privacy Protection Rule (COPPA Rule). At a high level, the COPPA Rule requires websites or online services to provide notice and obtain verifiable parental consent before collecting information from children under the age of 13. The Rule’s amendments slightly expand the Rule’s scope, change the previous notice and consent provisions, and implement new data security requirements. Violations of the Rule would be subject to $53,088 in civil penalties per violation.Continue Reading New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services

Legislators and regulators across the European Union (EU) and the United Kingdom (UK) are intensifying efforts to enhance the protection of minors online, responding to growing concerns about children’s safety in the digital space. Recent regulations (including the EU Digital Services Act) and guidance impose increasingly strict obligations for providers to restrict access to harmful content for children.Continue Reading Increased Focus on the Protection of Minors and Age Verification in the EU and the UK

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:Continue Reading New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

In October 2024, the UK government introduced the Data (Use and Access) Bill (the Data Bill) to Parliament. The Data Bill represents a third attempt by UK ministers to bring about reforms to the UK’s data protection and ePrivacy regimes. If enacted, the Data Bill will introduce changes to the existing regime, including by reducing restrictions on automated decision-making and enhancing powers for the UK’s privacy regulator. It will also lay the groundwork for new “Smart Data” schemes, which will in future require companies operating in certain industries to share data with authorized and regulated third parties.Continue Reading UK Brings Forward Bill to Reform UK Privacy Laws

On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) announced its long-awaited final rule on “Personal Financial Data Rights” (the Final Rule). The Final Rule implements Section 1033 of the Dodd-Frank Act, which provides consumers the right to access and port their financial information between banks and other financial entities. For an analysis of the proposed rule, please see our analysis here.Continue Reading CFPB Releases Final Open Banking Rules: Key Takeaways for Fintech Companies