In June 2025, the Court of Justice of the European Union (CJEU) delivered important rulings clarifying the application of the EU Unfair Contract Terms Directive (UCTD), which protects consumers from unfair standard contract terms that have not been individually negotiated. The UCTD ensures such terms are transparent, clear, and balanced; unfair terms are not binding
Inside Privacy
Updates on developments in data privacy and cybersecurity
Blog Authors
Latest from Inside Privacy
Council and Parliament Agree on Key Reforms to the EU ADR Framework
On June 26, 2025, the Council and the European Parliament reached a provisional agreement on modernizing the EU’s framework for alternative dispute resolution (ADR) in consumer matters.
The current ADR framework—established in Directive 2013/11/EU (ADR Directive)—has not been amended since its adoption in 2013. As noted in our previous blog, the European Commission recognized…
Denmark Proposes GDPR and ePrivacy Directive Revision
On July 4, 2025, a non-paper from the Danish government signaled an intention to propose a targeted revision of the GDPR and the ePrivacy Directive to reduce the compliance burden on companies and ensure their competitiveness. Denmark recently assumed the Presidency of the Council of the European Union and will be in a privileged position…
Eighth Circuit Vacates FTC Negative Option Rule
On July 8, 2025, the Eighth Circuit issued a per curiam decision that vacated the FTC’s revised Negative Option Rule in its entirety. The opinion will become effective when the court issues its mandate, which should happen within seven weeks unless the FTC seeks further review.…
District Court Enjoins Privacy Rule Modifications Regarding Reproductive Health Care
On June 19, 2025, the U.S. District Court for the Northern District of Texas vacated the majority of the Biden Administration rule (the “2024 Rule”) modifying the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) under the Health Insurance Portability and Accountability Act (“HIPAA”) regarding protected health information (“PHI”) concerning reproductive health. As…
FERC Finalizes New Internal Network Security Monitoring Requirements for Bulk Electric Systems
The U.S. Federal Energy Regulatory Commission (“FERC”) recently issued Order No. 907 (the “Order”), approving a new Critical Infrastructure Protection (“CIP”) Reliability Standard, CIP-015-1. The new standard will require covered entities that maintain certain bulk electric systems (“BES”) to implement Internal Network Security Monitoring (“INSM”) for network traffic within their “electronic security perimeter,” i.e.,…
Oregon Amends Its Comprehensive Privacy Statute
Following the approach taken by the Kentucky and Connecticut legislatures this spring, Oregon has amended its comprehensive privacy statute to implement changes to the law. Specifically, the amendment extends the statutory cure period to July 1, 2026, but this extension is limited to certain controllers. Beginning on January 1, 2026, the statute’s cure provision will…
U.S. Government Issues Cybersecurity Warning to Critical Infrastructure Operators and Others
On June 30, 2025, the Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) warned U.S. critical infrastructure organizations and other companies that the threat of cyber attacks from Iran-affiliated cyber actors is heightened in the wake of the…
Connecticut Legislature Amends Its Privacy Statute
On June 24, 2025, the Connecticut governor signed SB 1295, which amends the state’s comprehensive privacy statute, the Connecticut Data Privacy Act (“CTDPA”). SB 1295 takes effect on July 1, 2026.…
The UK’s new Data Legislation – What does it mean for the Life Science sector?
This blog was prepared in collaboration with, and was originally published by, the UK BioIndustry Association, here. We are grateful to the UK BioIndustry Association for collaborating on this blog, and for the opportunity to post it here.
What are the UK’s plans to reform data protection law?
After an extended period of legislative…