Inside Privacy

Updates on developments in data privacy and cybersecurity

Subscribe via RSS
Visit Blog

Blog Authors

ABCDEFGHIJKLMNOPQRSTUVWXYZ
Wade Ackerman
Christopher Adams
Bolatito Adetula
Jasmine Agyekum
Christian Ahlborn
Samar Amidi
Fredericka Argent

Latest from Inside Privacy

On November 12, 2025, UNESCO’S General Conference adopted its Recommendation on the Ethics of Neurotechnology (“the Recommendation”)–the first attempt at establishing a global legal framework for the ethical development and use of neurotechnology. The Recommendation aims to set out a comprehensive rights-based framework for the entire life cycle of neurotechnology, from the design of neurotechnology

On 5 December 2025, the Act Transposing the NIS 2 Directive and Regulating Key Aspects of Information Security Management in the Federal Administration (Gesetz zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher Grundzüge des Informationssicherheitsmanagements in der Bundesverwaltung (“NIS2UmsG”) (see here, in German only) became binding in Germany. According to the Federal Office for

On December 22, the Federal Trade Commission (“FTC”) issued an order setting aside its 2024 final consent order against Rytr, LLC (“Rytr”) on the grounds that the facts alleged in the Rytr complaint did not violate Section 5.  The Commission further found that the Rytr order did not provide any benefit to consumers and thus

On December 4, 2025, the German Federal Government published its Federal Modernization Agenda, setting out a series of suggested amendments to the GDPR and the Federal Data Protection Act (Bundesdatenschutzgesetz). Among the key measures, Germany seeks to shift certain responsibilities from users to manufacturers and providers of standard IT products—following the model of the

The Federal Trade Commission (FTC) sent letters to 10 companies—whose identities were not publicly disclosed—on December 22, 2025, warning them about potential violations of the Consumer Reviews Rule. The Rule, which took effect in October 2024, targets deceptive online review and testimonial practices. These warning letters mark the FTC’s first public enforcement action under the

The Federal Trade Commission (FTC) recently announced that it agreed to proposed consent orders with two companies that experienced recent cybersecurity incidents, Illuminate Education (“Illuminate”) and Illusory Systems, which does business as Nomad (“Illusory”), to resolve allegations that both companies’ information security practices had violated Section 5 of the FTC Act.  Both consent orders include

On December 16, 2025, the U.S. National Institute of Standards and Technology (“NIST”) published a preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (“Cyber AI Profile” or “Profile”).  According to the draft, the Cyber AI Profile is intended to “provide guidelines for managing cybersecurity risk related to AI systems [and] identify[] opportunities for

On November 21, 2025, California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (“Jam City”), a mobile app gaming company, for alleged violations of the California Consumer Privacy Act (“CCPA”) and Unfair Competition Law (“UCL”). The Jam City settlement marks Attorney General Bonta’s sixth settlement obtained under the CCPA and

On December 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) released its Cybersecurity Performance Goals 2.0 (“CPG 2.0”), an update to its core set of recommended cybersecurity practices for critical infrastructure owners and operators, which we previously wrote about here.  Established by the 2021 National Security Memorandum on Improving Cybersecurity for Critical

On December 19, 2025, New York Governor Kathy Hochul vetoed the New York Health Information Privacy Act (“NYHIPA”).  While NYHIPA bore similarities to Washington’s My Health My Data Act (“MHMD”) and Nevada’s Health Privacy Law (“SB 370”), it had several provisions that would have raised novel compliance and legal questions.