Inside Privacy

Updates on developments in data privacy and cybersecurity

Subscribe via RSS
Visit Blog

Blog Authors

ABCDEFGHIJKLMNOPQRSTUVWXYZ
Wade Ackerman
Christopher Adams
Bolatito Adetula
Christian Ahlborn
Samar Amidi
Fredericka Argent

Latest from Inside Privacy

On April 14, 2026, the FTC announced three settlements and issued closing letters to two additional companies concerning “Made in America,” “Made in the USA,” and similar U.S.‑origin claims (collectively, “MUSA claims”).  These actions reflect the FTC’s continued focus on MUSA claims and, more broadly, the Trump administration’s focus on American manufacturing and related claims

On 31 March 2026, the UK’s Information Commissioner’s Office (“ICO”) launched a public consultation on draft updated guidance on automated decision-making (“ADM”), including profiling (“Draft Guidance”) and simultaneously published a report on the use of ADM in recruitment (“Recruitment Report”).

The Draft Guidance is the ICO’s first detailed interpretation of the Data (Use and Access)

As agentic AI systems move from research labs to enterprise workflows, regulators worldwide are grappling with how to address the potential risks these systems may pose (as discussed in prior blog posts here and here).  In January 2026, Singapore’s Infocomm Media Development Authority (“IMDA”) launched a non-binding Model AI Governance Framework for Agentic AI

On April 20, 2026, the Spanish Data Protection Agency (AEPD) has published new guidance on how to comply with the GDPR when using AI‑powered voice transcription tools. The guidance builds on earlier AEPD guidance on this topic from January 2026. This blog post sets out the key takeaways of both guidance documents, which are

On April 15, 2026, the European Data Protection Board (EDPB) published draft Guidelines 1/2026 on the processing of personal data for scientific research purposes (Guidelines). The Guidelines are open for public consultation until 25 June 2026. They aim to clarify how the GDPR applies to academic, public‑sector, and commercial research, including research that relies on

The Federal Trade Commission (FTC) announced a settlement with dating app operator OkCupid and its affiliate Match Group Americas (Match), resolving allegations that the company had violated Section 5 of the FTC Act by sharing users’ personal information with a third party in a manner that was not disclosed in the company’s privacy notice. Specifically,

On April 14, 2026, the Federal Trade Commission (“FTC” or “Commission”) announced an Advanced Notice of Proposed Rulemaking (“ANPRM”) seeking public comment on whether a new rule is needed to address fee practices by online food and grocery delivery platforms that may obscure total pricing or impede consumers’ ability to compare prices across services.  Comments

On April 1, 2026, the Seventh Circuit in Clay v. Union Pacific Railroad Company held that an amendment to the Illinois Biometric Information Privacy Act (BIPA), limiting damages to a per-person basis, applies retroactively to cases pending when the amendment was enacted in 2024. This decision limits the potential statutory damages plaintiffs may obtain for