Inside Privacy

Updates on developments in data privacy and cybersecurity

Subscribe via RSS
Visit Blog

Latest from Inside Privacy - Page 2

On September 17, 2025, the German Supervisory Authorities (Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder, DSK) published new guidelines and recommendations addressing the complex requirements for transferring personal data, particularly health data (including health data contained in biomaterials), to countries outside of the European Economic Area for scientific research purposes under the GDPR.

Recently, California Governor Gavin Newsom signed into law several privacy and related proposals, including new laws governing browser opt-out preference signals, social media account deletion, data brokers, reproductive and health services, age signals for app stores, social media “black box warning” labels for minors, and companion chatbots. This blog summarizes the statutes’ key takeaways.

  • Opt-Out

On September 30, 2025, the California Privacy Protection Agency (“Agency”) announced a decision and $1.35 million fine to resolve allegations that Tractor Supply Co. (“Tractor Supply”) violated the California Consumer Privacy Act (“CCPA”). The settlement comes after the Agency filed a petition to enforce an investigative subpoena against Tractor Supply. In addition to imposing the

On September 17, 2025, the Federal Trade Commission (“FTC”) and seven states – Colorado, Florida, Illinois, Nebraska, Tennessee, Utah, and Virginia – sued Live Nation and Ticketmaster for violations of Section 5 of the FTC Act and the Better Online Ticket Sales Act (“BOTS Act”). Additionally, each state Attorney General alleges violation of various state

The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”), which provided protections for sharing cybersecurity threat information with the federal government and others, officially sunset on September 30, 2025 pursuant to the law’s original sunset date after efforts to re-authorize it did not succeed.  The law created a cybersecurity information sharing framework and established certain

In late September, plaintiffs announced details regarding Google LLC’s (“Google”) and women’s health app developer, Flo Health Inc.’s (“Flo”) proposed settlements to resolve a class action lawsuit stemming from the Flo app’s allegedly unlawful sharing of health data with Google and others through online tracking technologies.

As part of the proposed settlements, Google agreed to

On September 24, Senate Democratic Leader Chuck Schumer (D-N.Y.), Senator Maria Cantwell (D-Wash.), and Senator Ed Markey (D-Mass.) introduced the Management of Individuals’ Neural Data (“MIND”) Act of 2025, which would require the Federal Trade Commission (“FTC”) to conduct a study and provide a report examining the governance of “neural data” under existing law and

On September 16, 2025, the European Commission launched a call for evidence to collect feedback and best practices on simplifying several key areas of the EU digital rulebook, ahead of its planned Digital Omnibus package. This initiative targets legislation related to data, cybersecurity, and artificial intelligence, aiming to reduce administrative burdens and compliance costs for