In December 2025, the Spanish Agency for the Supervision of Artificial Intelligence (AESIA) published a set of detailed guidance documents and templates aimed at helping providers and deployers of high-risk AI systems under the EU AI Act comply with the relevant requirements of the law. The materials are also available in English.…

In advance of the Indiana Consumer Data Protection Act’s (“Act”) effective date on January 1, 2026, the Indiana Attorney General released a Data Consumer Bill of Rights (“Bill of Rights”) that summarizes the rights created in the Act.…

On December 2, 2025, the Court of Justice of the European Union (“CJEU”) issued a decision clarifying the obligations of online marketplace operators with regard to content posted on their platform, where such content includes personal data.  This blogpost provides an overview of the decision and its key takeaways.…

Since our mid-year recap on minors’ privacy legislation, several significant developments have emerged in the latter half of 2025. We recap the notable developments below.…

On November 12, 2025, the European Commission launched two public consultations that could significantly reshape EU product compliance rules. To participate, stakeholders – including businesses, consumer groups, and industry associations – are invited to complete the Commission’s online questionnaires, available until February 4, 2026.…

On November 19, 2025, the European Commission unveiled its 2030 Consumer Agenda, setting out priorities for EU consumer policy over the next five years. Below is an overview of the six key measures most relevant to industry.…

Last week, the Third Circuit affirmed dismissal of a putative class action asserting that defendant Quest Diagnostics violated the California Invasion of Privacy Act (“CIPA”) and the Confidentiality of Medical Information Act (“CMIA”) by employing a website pixel to track and collect data about their website activity for advertising purposes.  See Cole v. Quest Diagnostics…