On March 12, 2025, the California Privacy Protection Agency (“CPPA”) announced a decision and $632,500 fine related to allegations that American Honda Motor Co., Inc. (“Honda”) violated the California Consumer Privacy Act (“CCPA”).
Inside Privacy Blogs
Latest from Inside Privacy
German SA Checks Whether Online Retailers Allow Consumers to Make Purchases Without Creating an Account
In January 2025, the German Supervisory Authority of Hamburg (“HSA”) examined the practices of online retailers based in Hamburg as to whether they allowed consumers to make purchases without creating a user account. This was mentioned in a press release issued by the HSA regarding a ruling by the Hamburg Higher Regional Court confirming a
Watchdog to Investigate Mobile Payment Provider Over Its Use of Purchase History for Targeted Advertising
On March 18, 2025, the Norwegian Consumer Council asked the Norwegian Supervisory Authority to investigate a payment app provider for using consumers’ purchase history for targeted advertising.
Finnish Supervisory Authority Investigates Health Data Transfers to China
On March 17, 2025, the Finnish Supervisory Authority (“SA”) announced that it is investigating the transfer of personal data related to human research samples by a Finnish university to a Chinese company for genetic analysis services.
CJEU Rules on Right of Rectification of Gender Identity
On March 13, 2025, the Court of Justice of the EU (“CJEU”) ruled that the right of rectification (in Article 16 GDPR) requires a national authority to correct a person’s gender identity, where it is shown to be inaccurate (Case C‑247/23 [Deldits]). The authority, however, may require that person to provide relevant and
U.S. Senate Introduces Genomic Data Protection Act
On March 5, 2025, Senators Bill Cassidy (R-LA) and Gary Peters (D-MI) introduced the federal Genomic Data Protection Act (“GDPA”). The Senators introduced the same bill at the end of last year, but the bill stagnated, and Congress adjourned soon after. Notably, as part of his February 2024 white paper, Senator Cassidy specifically called
China Releases New Labeling Requirements for AI-Generated Content
On March 14, 2025, the Cyberspace Administration of China (“CAC”) released the final Measures for Labeling Artificial Intelligence-Generated Content and the mandatory national standard GB 45438-2025 Cybersecurity Technology – Labeling Method for Content Generated by Artificial Intelligence (collectively “Labeling Rules”). The rules will take effect on September 1, 2025.
The Labeling Rules impose explicit and
Belgian High Court Decides on Abuse of Law in relation to the GDPR Right to File a Complaint
On January 10, 2025, the Belgian High Court (Hof van Cassatie) upheld the decision of the Market Court in a case that pitched the GDPR right to file a complaint against the general legal principle in Belgian law that prohibits the abuse of law.
European Commission Confirms Plans to Simplify GDPR
On March 13, 2025, the Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, Michael McGrath, confirmed that the Commission is considering simplifying the GDPR with a view to reducing the burden on smaller businesses. This statement aligns with the Commission’s broader goal of simplifying the EU digital framework.
District Court Enjoins Enforcement of the California Age-Appropriate Design Code Act
On March 13, 2025, the U.S. District Court for the Northern District of California issued an order granting NetChoice’s preliminary injunction against the entire California Age-Appropriate Design Code (CA AADC). The court held that NetChoice is likely to succeed on the merits of its facial First Amendment challenge because CA AADC is content-based, and it